Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
Anonymous
Not applicable

Power BI API using Service Principal

โ€Ž10-16-2024 06:11 PM

Hi, I am not sure if this is the right category to post since i am not a Fabric user but only Power BI. if not, my bad ๐Ÿ˜‚

i am trying to use Power BI API via Service principal. i've given delegated permissions to the service principal and also enabled all the settings in Power BI's Admin Portal setting relevant. details as below:

 

- APIs

    - Got my token as following to 'https://api.powerbi.com/v1.0/myorg/groups/{group_id}/datasets/{dataset_id}/refreshes'    (get)

    - Get Power BI Dataset Refresh history

      : 'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token'    (post)

    - GET Sharepoint Data

      :' https://accounts.accesscontrol.windows.net/[Tenant-ID]/tokens/OAuth/2'   (post)

  

 

- Power BI Workspace : Added a security group the service principal is in as Admin. in case it might help, i also added the service principal itself as admin, too...

 

 

- Delegated permission

  <Power BI>

    - Dataset.readwrite.all

    - Item.Excute.ALL

    - Item.ExternalDataShare.ALL

    - Item.ReadWrite.ALL

    - Item.Reshare.ALL

    -App.Read.All

 

 <Sharepoint>

   - AllSites.Read

   - AllSites.Write

 

 

The thing is that even all these settings added and enabled, i still get errors,,,, is anyone know how i can resolve this?

minhee_2-1729125621363.png

 

minhee_0-1729125455286.pngminhee_1-1729125457985.png

 

 

 

P.S. I succeeded testing the same senario in Different Tenant. therefore, it could be something to do with conditional access? 

 

Regards,

Thank you.

 

Labels:
Message 1 of 6
1,518 Views
0
5 REPLIES 5
FabianSchut
Contributor III

โ€Ž10-16-2024 10:24 PM

Hi @Anonymous,

 

What method do you use to get the Bearer token? Do you use the client_id & client_secret version? What is the scope you are using while retrieving the Bearer token?

Message 2 of 6
1,481 Views
frithjof_v
Honored Contributor

โ€Ž10-17-2024 12:08 AM

Just want to mention:

 

When you are using service principal (or more precisely: client credentials flow), the delegated permissions have no effect. So it's not necessary to setup any delegated permissions when you will use the service principal authentication (more specifically, client credentials flow).

 

What matters, is what permissions you give the service principal inside the Power BI portal (Fabric).

 

https://learn.microsoft.com/en-us/answers/questions/2039779/service-principal-doesnt-respect-delegat...

 

https://community.fabric.microsoft.com/t5/General-Discussion/Power-BI-Rest-API-Delegated-permissions...

 

https://www.reddit.com/r/PowerBI/s/ZhJFNHA7vM

Message 3 of 6
1,459 Views
Anonymous
Not applicable

โ€Ž10-17-2024 05:23 PM

Hi @FabianSchut,

The bearer token was obtained using the clien_sercet method. and I use scope 'https://analysis.windows.net/powerbi/api/.default'

minhee_0-1729210668786.png

 

Message 4 of 6
1,411 Views
0
FabianSchut
Contributor III
In response to Anonymous

โ€Ž10-17-2024 10:11 PM

Hi @Anonymous,

 

Those are indeed the correct settings. Are you sure that the service principal is added as a member in the security group app-test-mhkim (the security group that is able to use APIs)? And just to be sure, in your screenshot you have unapplied changes for the admin API settings. Did you apply them afterwards?

Message 5 of 6
1,394 Views
0
Anonymous
Not applicable

โ€Ž10-18-2024 02:21 AM

Hi, @Anonymous 

Thanks for the reply from FabianSchut and frithjof_v, FabianSchut gave the suggetions, you can check it.

Best Regards,
Yang
Community Support Team



Message 6 of 6
1,384 Views
0

Helpful resources

Announcements
View All
Users online (4,084)