The ultimate Microsoft Fabric, Power BI, Azure AI & SQL learning event! Join us in Las Vegas from March 26-28, 2024. Use code MSCUST for a $100 discount. Register Now
Hi
I have seen a lot of posts on here for this - and have been trying a number of them to get this working in PowerBIDesktop. So far only one seems to be working in my report - FYI I used this post
https://community.powerbi.com/t5/Desktop/Refreshable-Token-for-Admin-Rest-API/m-p/3150421/page/2
This is the query
let
//get token
url = "https://login.microsoftonline.com/45c92590-ccc6-46f9-80ff-9fc8d9edde39/oauth2/token",
GetJson =
Web.Contents(
url,
[
Headers = [
Accept = "application/json",
ContentType = "application/x-www-form-urlencoded"
],
Content =
Text.ToBinary(
"grant_type=client_credentials&
client_id=****************************
client_secret=******************************************
)
]
),
token = Json.Document(GetJson)[access_token],
//other api usage wiht above token
Result =
Web.Contents(
"https://api.powerbi.com/v1.0/myorg/",
[
Headers = [
#"Content-Type" = "application/json",
Authorization = "Bearer " & token,
RelativePath = "admin/groups?$top=2000&$expand=datasets,dataflows,reports,dashboards,users"
]
]
)
This is the error that I am getting
If there is anything anyone can suggest?
I did ask on the other post but I have a different error now and the post may be too old for an answer?
Thanks
Karen
Solved! Go to Solution.
Hi @KarenL7 ,
When using organizational account authentication in Power BI Desktop, it requires Azure Active Directory (AAD) account and credential.
Another way is to use basic authentication and enter personal access token in Power BI Desktop when connecting to VSTS. For more details, please review the following article and similar thread.
Client authentication options - Azure DevOps | Microsoft Learn
Solved: Access to the Resource is Forbidden - Microsoft Power BI Community
Expression.Error: Access to the Resource is Forbidden: Fix (windowsreport.com)
Best Regards
Community Support Team _ Polly
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @KarenL7 ,
When using organizational account authentication in Power BI Desktop, it requires Azure Active Directory (AAD) account and credential.
Another way is to use basic authentication and enter personal access token in Power BI Desktop when connecting to VSTS. For more details, please review the following article and similar thread.
Client authentication options - Azure DevOps | Microsoft Learn
Solved: Access to the Resource is Forbidden - Microsoft Power BI Community
Expression.Error: Access to the Resource is Forbidden: Fix (windowsreport.com)
Best Regards
Community Support Team _ Polly
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
We have looked into this further - after my posts below - and noted that your statement -
We looked into this and noted that although we were bringing back the token correctly- as said in my posts - the resource was forbidden and we were struggling with it.
We then noticed when we added in another token in manually it was totally different and it worked. This was using the admin account. This goes back to what you said in your post
"When using organizational account authentication in Power BI Desktop, it requires Azure Active Directory (AAD) account and credential."
We are going to look into this further, thanks for your help.
Karen
Thanks for this.
I have a question I have about your post is
"When using organizational account authentication in Power BI Desktop, it requires Azure Active Directory (AAD) account and credential."
When we registered the app we created this for a service principal account is this reason it is not working?
So it will retrieve a token correctly but the token will not work so the resource is forbidden as the service principal account is not an Azure directory account and credential.
How can we change that?
I am unsure about the other links you have sent as I do not have access to Azure and need someone else to do the set up.
Thanks
Karen
Further to my post above - I have now found out the following -
When using this had the error message -
I requested the access token elsewhere using different credentials and put it directly into my query to see if I could get any results and it worked straight away.
My question now is -
I can retrieve the token directly without any issues.
I have put this in a function which I call from another query
It then errors saying it is forbidden when trying to access a specific API website.
However using my admin credentials and not the ones that client app id etc. and add in the token directly the query works correctly.
Are there some permission issues that we need to change for this to work?
Thanks
Karen
User | Count |
---|---|
158 | |
109 | |
96 | |
83 | |
75 |
User | Count |
---|---|
154 | |
137 | |
131 | |
81 | |
62 |