Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Anonymous
Not applicable

Error getting embed token with row level security

‎09-05-2019 08:17 PM

Hi All,

 

I am having trouble getting App Only Embed token using C# and also via Postman. 

 

1) I get the OAuth2 Access token for my service principal using App Id and Secret.

2) I try to post on https://api.powerbi.com/v1.0/myorg/groups/{GroupId}/{ReportId}/GenerateToken

 

with the below body:

{
"accessLevel": "View",
"identities": [
{
"username": "UserEmail@Company.com",
"roles": [ "SomeRole" ],
"datasets": ["DatasetId"]
}
]
}

 

Error:

{
"error": {
"code": "InvalidRequest",
"message": "Creating embed token for accessing dataset {DatasetId} requries gateway admin or datasource override effective identity access right"
}
}
Labels:
Message 1 of 5
3,645 Views
0
4 REPLIES 4
Anonymous
Not applicable

‎09-11-2019 02:08 PM

Things that finally worked for us:

 

1) Had to give the service principal the permission "ReadOverrideEffectiveIdentity" by running Microsoft's rest api call with the datasourceId and the gatewayid.

see this link for more info: 

https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security#on-premises-data-gat...

 

The identifier used in the JSON BODY Request is not the Azure AD service principal object Id, turns out that there is a separate identifier for the service principal when it is added to powerBi workspace as an admin.

 

running a rest call to get users on the workspace/report would give the actual identifier.

 

*This is wierd as the documentation doesnot say that, but have raised this concern with microsoft.

2) After this, a normal call to get embed token along with effective identity works fine.

 

 

 

Message 3 of 5
3,557 Views
lnoguera
Frequent Visitor
In response to Anonymous

‎05-03-2021 09:56 AM

After doing what worked for you (find the service principal identifier using the rest api and give the ReadOverrideEffectiveIdentity permissions to it), now we´re getting a different error: "Only folder user with reshare permissions can generate embed token".  Do you know what might be the cause of this?

Message 5 of 5
2,384 Views
0
Anonymous
Not applicable
In response to Anonymous

‎12-15-2020 01:50 PM

Incredible.  Almost a year after your post, I ran into the same issue.  Using the Microsoft sample app, the error was hidden from me.  I only saw 403 Forbidden returned.  Using Postman and APIs to generate an EmbedToken, I then saw the 

"Creating embed token for accessing dataset..."

mentioned above.  Your comment of "The identifier used in the JSON BODY Request is not the Azure AD service principal object Id, turns out that there is a separate identifier for the service principal when it is added to powerBi workspace as an admin." was finding a needle in a hay stack.  You were right!  Once I found the "identifier" of my service principal using the APIs against the Power BI Workspace, I updated the username in my sample app and bam!  I finally executed a successful end to end request.  

 

 

Message 4 of 5
2,875 Views
0
Jayendran
Solution Sage
Solution Sage

‎09-05-2019 11:26 PM

Hi,

 

Can you pls look this

https://community.powerbi.com/t5/Developer/Unable-to-get-RLS-security-to-work-with-an-app-owns-data/...

 

 

Message 2 of 5
3,615 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Kudoed Authors
View All