Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hi Team,
I am new to powerbi as well as to their API's and looking for help/guidance to automate the permission management. My requirement is to provide the access to the Windows user comming from AD to one of the report specific folder when published in the Report server. Is it possible?
I also looked into API's but do not know which one to use (https://app.swaggerhub.com/apis/microsoft-rs/PBIRS/2.0 )?
Many thanks in advance for all the help.
Solved! Go to Solution.
I think you'd probably use https://app.swaggerhub.com/apis/microsoft-rs/PBIRS/2.0#/Folders/SetFolderPolicies but it's probably also easier to use the Powershell tools than to call the REST endpoint directly.
However it depends what the logic is to map the user to a folder. I tend to avoid adding individual users to folder permissions if at all possible and instead we get AD groups created and add the group to the folder permissions. Then everyone in a given department or team just needs to be added to that AD group and they get access to all the reports they need. It's usually much easier than assigning permissions to individual users and if someone moves teams/departments it's just a matter of removing them from one group and adding them to another in AD.
I think you'd probably use https://app.swaggerhub.com/apis/microsoft-rs/PBIRS/2.0#/Folders/SetFolderPolicies but it's probably also easier to use the Powershell tools than to call the REST endpoint directly.
However it depends what the logic is to map the user to a folder. I tend to avoid adding individual users to folder permissions if at all possible and instead we get AD groups created and add the group to the folder permissions. Then everyone in a given department or team just needs to be added to that AD group and they get access to all the reports they need. It's usually much easier than assigning permissions to individual users and if someone moves teams/departments it's just a matter of removing them from one group and adding them to another in AD.
Hi @d_gosbell ,
Many thanks for the suggestion. I ended up using the Powershell tools to complete my requirement to have permission automatically assigned (used Grant-AccessOnCatalogItem.ps1).
Now comming to assigning permission using groups, my organization policy did not allow me to have a group owner membership so that I can add the members on my will [need to create a ticket to IT Team for this]. In order to have a workarround, I have written Powershell script to create a local group in VM and assign permission to the Powerbi report folder as well as SQL. Do you think while creating local security group there is some security issue?
Would be waiting for your reply and once again thanks :).
@Anonymous wrote:
Do you think while creating local security group there is some security issue?
I don't think so. The main issues with local groups is that you can only use them on the one server and they can't be centrally managed.
We worked with our IT dept on this and now if people need access to reports they raise an IT ticket and the help desk assigns them to the group. We use a specific prefix for reporting groups and this works well for us, but obviously it depends on how easy it is to engage with your IT team.
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
15 | |
5 | |
4 | |
2 | |
2 |
User | Count |
---|---|
15 | |
7 | |
5 | |
3 | |
3 |