Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
Anonymous
Not applicable

Adding service principal directly to the workspace as an admin gives me an error

‎03-25-2022 04:33 AM

Hi!

 

I am trying to add Service Principal (app registration) to workspace users. 

I am using AccessToken generated for PowerBI Service principals with granted permission: 

gryczanu_0-1648207797716.png

 

Here is a PowerShell code which I use to add Service Princpal to worksapce users

 

$Headers = @{Authorization = "Bearer $AccessToken"}

$Body = @{
    identifier = $AdObjectIdentifier
    groupUserAccessRight ="Admin"
    principalType"App"
}
Invoke-RestMethod -Uri $Uri -Headers $Headers -Method Post -ContentType "application/json" -Body (ConvertTo-Json $Body)  

 

$AdObjectIdentifier is an Azure ObejctId for App Registarion that I want to add to the worksapce users 

 

I am geting  an error: 

The remote server returned an error: (403) Forbidden.

{"error":{"code":"InvalidRequest","message":"Failed to get service principal details from AAD."}}

 

I can add AAD group to workspace (when $AdObjectIdentifier = AAD Obejct ID), but not Service principal, why? 

 

Please, help me to understand this. 

 

Thanks, 

Urszula

 

Labels:
Message 1 of 6
1,509 Views
0
5 REPLIES 5
v-rzhou-msft
Community Support
Community Support

‎03-28-2022 11:50 PM

Hi @Anonymous ,

 

Note:

Service principals have access to any tenant settings they're enabled for. Depending on your admin settings, this includes specific security groups or the entire organization.

Please check whether you have added your Security Group which has added the service principal as a member into the tenant setting.

1.png

You may check the steps in the offical blog to learn more details.

For referencce: Embed Power BI content with service principal and an application secret

 

Best Regards,
Rico Zhou

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 5 of 6
1,392 Views
0
Anonymous
Not applicable
In response to v-rzhou-msft

‎04-01-2022 02:05 AM

@v-rzhou-msft  I have checked, group (service princiapl which I wanted to add belongs to this group) are added below developers seetings. Sitll I am getting thsi error. Do you have any advise?

Message 6 of 6
1,334 Views
0
lbendlin
Super User
Super User

‎03-26-2022 08:08 AM

Your tenant admin may need to allow Service Principals to be used in the tenant.

Message 2 of 6
1,457 Views
0
Anonymous
Not applicable
In response to lbendlin

‎03-28-2022 04:22 AM

@lbendlin Could you please explain me this a bit more? 

Message 3 of 6
1,426 Views
0
lbendlin
Super User
Super User
In response to Anonymous

‎03-28-2022 05:17 AM

talk to your tenant admin about the settings on your tenant.

Message 4 of 6
1,421 Views
0

Helpful resources

Announcements
Europe Fabric Conference

Europe’s largest Microsoft Fabric Community Conference

Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.

RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel1

Power BI Monthly Update - May 2024

Check out the May 2024 Power BI update to learn about new features.

View All