Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
xhan
Helper I
Helper I

How to limit workspace access for a service principal.

‎02-03-2023 12:27 PM

Hi friends,

 

We are using a service principal to pull metadata of workspaces. There are workspaces that we don't want to give access to this service principal. But even we don't give the access the service principal at the workspace access level:

Screenshot 2023-02-03 at 12.24.10 PM.png

The service principal is still have to get access to this workspace.

Is there a way to limit the access?

We did give access to the security group (the service principal belongs to) admin read only access through tenent settings. Thanks a lot!

Labels:
Message 1 of 3
547 Views
0
2 REPLIES 2
Daryl-Lynch-Bzy
Resident Rockstar
Resident Rockstar

‎02-03-2023 02:37 PM

Hi @xhan - I am trying to understand which type of Service Principal you are using to capture Metadata.  If you follow this type: Enable service principal authentication for read-only admin APIs - Power BI | Microsoft Learn

the Service Principal will have access to all Metadata for all workspaces, but no access to any data within those workspaces.   So, in your case, when you extract Metadata you can provide a list of Workspaces that are required (or exclude restricted workspaces).  This Service Principal can only use the Admin APIs.

 

Another option is to set up a Service Account (not quite a principal).  This account is normal account, so it needs to be a licenced Power BI user and assigned to required workspaces with Admin/Member/Contributor access.  This Service Account can only use regular APIs (not Admin APIs) on the objects its granted access to use.  It will also have access to data.

 

There is another option that sit between these.  However, I personally feel this should only be used for Embedding Power BI in your Web Apps.  Embed Power BI content in an embedded analytics application with service principal and an applicatio...

 

 

Message 2 of 3
503 Views
0
xhan
Helper I
Helper I
In response to Daryl-Lynch-Bzy

‎02-06-2023 09:00 AM

thanks a lot @Daryl-Lynch-Bzy ! The last one for embedding Power BI, that one's also for creating a service principal. The only difference is that it enabled `Embedding content in Apps` for the service principal. And add admin in the workspace for the power BI service principal. Please let me know if I'm understanding anything wrong.

 

Thanks a lot

Message 3 of 3
462 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All