cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
AdamWidi
Frequent Visitor

Service Principal with Power BI using Data Gateway

Currently the Service principal account cannot leverage the On-Premises Data Gateway since it is not a mail-enabled account. This prevents a Power BI Embedded solution to leverage an on-premises SSAS tabular model using the service principal. Instead we need a full-blown power BI pro license for a service account. Is it on the roadmap to add this capability?

 

https://docs.microsoft.com/en-us/power-bi/developer/embed-service-principal#considerations-and-limit...

11 REPLIES 11
axires
Frequent Visitor

Hi @AdamWidi / @Jayendran / @brentcarlson / @baouss / @ilav ,

I managed to add the Security Group my Service Principal belongs to to the Gateway Admins via the Power Platform Admin Portal.

Things work fine from then on.

Hope this helps !

Franck

Jayendran
Solution Sage
Solution Sage

Hi @AdamWidi / @brentcarlson / @baouss ,

 

Currently this is not yet implemented by PowerBI. I've already asked the same question long back and found this idea is already asked and waiting for more votes.

 

Please provide you vote for the below idea.

https://ideas.powerbi.com/forums/265200-power-bi-ideas/suggestions/37055242-service-principal-with-p...

 

I'll reach out to powerbi team and will try to find the ETA for this feature.

@Jayendran Thanks for the info! Let us know if you hear anything from the Power BI team on this issue.

 

Also, I read a Microsoft documents that states: Customers that configure row-level security (RLS) using an SQL Server Analysis Services (SSAS) on-premises live connection data source can enjoy the new service principal capability to manage users and their access to data in SSAS when integrating with Power BI Embedded.  (https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security#on-premises-data-gat...).  This articles implies, that even though you have to use the API to add it, it should work? Based on what your saying is this documentation wrong (or am I misunderstanding it?)

 

Thanks!

 

 

Thanks @brentcarlson for the link to the article.  Based on the date of the post, the capabability was added after we initially attempted, so this may now be possible.

@AdamWidi Let us know if you get this working. So far, we haven't been able to see it work; even though the service principal shows up in the access list for the gateway now.

Were you able to map the DSN associated to the gateway via an Powershell or API?

We still have not been able to get this work. We got the gateway to show the Service Principal using the API call; however we think the issue stems inside of SQL Server and/or SQL Server Analysis Services. When using Azure hosted SQL Analysis Servvices there is an option to add an appid (of the Service Principal); on-premise SQL Analysis Services does not give this option. We think this is why it is not working (and makes sense); as the Service Principal doesn't have access to SQL. We are looking at alternatives on how to translate the authentication from the gateway into SQL Analysis Services. The documenation implies this should work but doesn't give any details on how to make it work.

AdamWidi
Frequent Visitor

I did get a suggestion to try adding the Service Principal to an Azure AD group, make this group a gateway admin, and add user mapping in the gateway connection.  Has anyone had success with this approach?

baouss
Frequent Visitor

Hi @AdamWidi 

 

did you get this solved with a service principal?

 

Cheers

Was anyone ever able to solve this? I have the same issue. I was able to add the service principal to the data source on the on-premise gateway using the API; but it still doesn't seem to work even though the service principal now shows in the access list.

Followed the example here: https://docs.microsoft.com/en-us/rest/api/power-bi/gateways/adddatasourceuser - Tried using both ReadOverrideEffectiveIdentity and Read as the datasourceAccessRight

You need to add the service principal as gateway admin and not as datasource.I also have same issue as sp doenst have email id to get added it as an admin.Any one knows how to get this added?Thanks

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

November Power BI Update 768x460.png

Check it Out!

Click here to read more about the November 2021 Updates!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Top Solution Authors