Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
AdamWidi
Frequent Visitor

Service Principal with Power BI using Data Gateway

Currently the Service principal account cannot leverage the On-Premises Data Gateway since it is not a mail-enabled account. This prevents a Power BI Embedded solution to leverage an on-premises SSAS tabular model using the service principal. Instead we need a full-blown power BI pro license for a service account. Is it on the roadmap to add this capability?

 

https://docs.microsoft.com/en-us/power-bi/developer/embed-service-principal#considerations-and-limit...

14 REPLIES 14
Christophe93
Helper II
Helper II

Hi

Impossible to add a AAD SP  to gateway  users (As adim for example)

But it can be done VIA powershell 

https://blog.jpries.com/2021/11/25/adding-a-non-email-enabled-object-to-power-bi-gateway-cluster-use...

This issue has been fixed in Q2 2023.

It is now possible to use the GUI to add a SPN as a user to a both the gateway and to the datasources on the gateway.

axires
Frequent Visitor

Hi @AdamWidi / @Jayendran / @brentcarlson / @baouss / @ilav ,

I managed to add the Security Group my Service Principal belongs to to the Gateway Admins via the Power Platform Admin Portal.

Things work fine from then on.

Hope this helps !

Franck

Hello Axires,

How did you manage to add the group you service principal belongs?

I tried to do it but when I call PBI API to get list of gateways, the result is empty.

Thanks

Jayendran
Solution Sage
Solution Sage

Hi @AdamWidi / @brentcarlson / @baouss ,

 

Currently this is not yet implemented by PowerBI. I've already asked the same question long back and found this idea is already asked and waiting for more votes.

 

Please provide you vote for the below idea.

https://ideas.powerbi.com/forums/265200-power-bi-ideas/suggestions/37055242-service-principal-with-p...

 

I'll reach out to powerbi team and will try to find the ETA for this feature.

@Jayendran Thanks for the info! Let us know if you hear anything from the Power BI team on this issue.

 

Also, I read a Microsoft documents that states: Customers that configure row-level security (RLS) using an SQL Server Analysis Services (SSAS) on-premises live connection data source can enjoy the new service principal capability to manage users and their access to data in SSAS when integrating with Power BI Embedded.  (https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security#on-premises-data-gat...).  This articles implies, that even though you have to use the API to add it, it should work? Based on what your saying is this documentation wrong (or am I misunderstanding it?)

 

Thanks!

 

 

Thanks @brentcarlson for the link to the article.  Based on the date of the post, the capabability was added after we initially attempted, so this may now be possible.

@AdamWidi Let us know if you get this working. So far, we haven't been able to see it work; even though the service principal shows up in the access list for the gateway now.

Were you able to map the DSN associated to the gateway via an Powershell or API?

We still have not been able to get this work. We got the gateway to show the Service Principal using the API call; however we think the issue stems inside of SQL Server and/or SQL Server Analysis Services. When using Azure hosted SQL Analysis Servvices there is an option to add an appid (of the Service Principal); on-premise SQL Analysis Services does not give this option. We think this is why it is not working (and makes sense); as the Service Principal doesn't have access to SQL. We are looking at alternatives on how to translate the authentication from the gateway into SQL Analysis Services. The documenation implies this should work but doesn't give any details on how to make it work.

AdamWidi
Frequent Visitor

I did get a suggestion to try adding the Service Principal to an Azure AD group, make this group a gateway admin, and add user mapping in the gateway connection.  Has anyone had success with this approach?

Hi @AdamWidi 

 

did you get this solved with a service principal?

 

Cheers

Was anyone ever able to solve this? I have the same issue. I was able to add the service principal to the data source on the on-premise gateway using the API; but it still doesn't seem to work even though the service principal now shows in the access list.

Followed the example here: https://docs.microsoft.com/en-us/rest/api/power-bi/gateways/adddatasourceuser - Tried using both ReadOverrideEffectiveIdentity and Read as the datasourceAccessRight

Anonymous
Not applicable

You need to add the service principal as gateway admin and not as datasource.I also have same issue as sp doenst have email id to get added it as an admin.Any one knows how to get this added?Thanks

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.