cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Dineth New Member
New Member

Azure App registration with Power BI API

HI All,

I m very new to this forum, I hoipe this is the correct place to post this question.

 

I have a follwoing requiremnet form our business and as an O365 admin I have to answer to this, can someone please help me on this.

Business unit asking following 

 

1. O365 Service account without MFA with Power BI Pro licence assigned

2. Register an Azure Native Application with Power BI view permissions API 

3. Add the service account as the owner on this Application

 

My question is when I try to give the API permission I can see following table, in there the view permission is for the whole tenant ( all workspaces). SO does it means if I resgiter the above  azure application with the service account , will that service account be able to read all worspace data using the registered application ? If yes how can we restict to not to read all worspace data, just only the specific workspace data as we have very confidential data stored on some other work spaces. 

Are ther any other better way to do this. 

 

Read and write all dataflows
View all dataflows
Read and write all content in tenant
Read and Write all Reports
View users Groups
View all Groups
View all Reports (preview)
reate content (preview)
View content properties (preview)
Read and Write all Datasets
View all Datasets
View all Dashboards (preview)
Add data to a user's dataset (preview)
Read and Write all Dashboards
View all content in tenant
Read and write all workspaces
View all workspaces
Read and write all capacities
View all capacities
 
Thanks for your guidence. 
1 REPLY 1
Highlighted
zoloturu
Advisor

Re: Azure App registration with Power BI API

Hi @Dineth,

 

I think the better way of solving this would be to have all workspaces owned by account different than your app service account.

So you give access to each workspace from the main account to your service account to specific workspaces with specific access.

 

How to give specific access to a particular workspace:

 

Regarding registering Azure app - mark only Read options. Select Native app type. And this account will be an owner of this app because at the top you do log in - https://dev.powerbi.com/apps

 

Regards,
Ruslan
-------------------------------------------------------------------
Did I answer your question? Mark my post as a solution!

Helpful resources

Announcements
Can You Solve These Challenge

Challenge: Can You Solve These?

Find out how to participate in the first Power BI 'Can You Solve These?' challenge.

Community News & Announcements

Community News & Announcements

Get your latest community news and announcements.

Virtual Launch Event

Microsoft Business Applications October Virtual Launch Event

Join us for an in-depth look at the new innovations across Dynamics 365 and the Microsoft Power Platform.

Community Kudopalooza

Win Power BI Swag with Community Kudopalooza!

Each week, complete activities and be qualified in the drawing for cool Power BI Swag.

Top Kudoed Authors
Users Online
Currently online: 46 members 786 guests
Please welcome our newest community members: