Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
nishanttayal
Frequent Visitor

Power BI Rest API is throwing Forbidden error on Datasets API through Service Principle

‎12-07-2022 12:50 AM

All the Dataset API's are giving forbidden error when hit through Service Principle. 
Service Priciple App is having access of Tenant.ReadWrite.All but still its not accessible. Appreciate any lead it making Dataset and Gateway API work through service principle.

Labels:
Message 1 of 9
1,357 Views
0
8 REPLIES 8
tmjones2
Frequent Visitor

‎01-25-2023 07:44 AM

Fixed my problem by using RefreshDatasetInGroupAsync (must be the one that has both the group {workspace} and dataset ID)

Message 9 of 9
1,176 Views
0
tmjones2
Frequent Visitor

‎01-25-2023 07:39 AM

DId you ever find a solution? Having the same problem, service principal can do other things like get the workspaces, datasets, etc. but I'm getting "Forbidden" when using Datasets.RefreshDataset (or the async version).

Message 8 of 9
1,179 Views
0
v-yueyunzh-msft
Community Support
Community Support

‎12-07-2022 05:51 PM

Hi , @nishanttayal 

As far as I know, the 403 error code is usually caused by insufficient permissions or being prohibited from the server for this requested operation, if your service principal already has sufficient permissions: Tenant.readwrite, then I think the only place to check and confirm is that you need to work with your tenant administrator to confirm the Admin in your Power BI tenant These two options in the portal allow the service principal to use the Power BI API are turned on:

vyueyunzhmsft_0-1670464253573.png

vyueyunzhmsft_1-1670464264377.png

 

Thank you for your time and sharing, and thank you for your support and understanding of PowerBI! 

 

Best Regards,

Aniya Zhang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly

 

Message 4 of 9
1,301 Views
0
nishanttayal
Frequent Visitor
In response to v-yueyunzh-msft

‎12-07-2022 10:35 PM

Is read only Admin API access is mandatory to access Dataset and Gateway REST API's? This service principle do have the access for Power BI REST API's as you shown in the snapshot. But I really doubt if I would be able to Allow this service priciple for read-only Admin API's.

Message 5 of 9
1,293 Views
0
ibarrau
Super User
Super User
In response to nishanttayal

‎12-12-2022 04:19 AM

No it's not. The settings for Read only Admin API it's only for admin requests from the doc. Those requests are intended for get massive artifacts over the tenant. However if  you just want to use the get datasets from group from the datasets category, you don't need admin permissions, you just need the ones I told you before. The request will only work if the Registered App is added in the workspace like any other user. The requests will work with the artifacts the login has access, so it will work with things the Registered App has access.

If you have already assigned the read write for datasets, groups and tenant, then you just need to add theregistered App to the workspace you want to return.

I hope that helps,


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Happy to help!

LaDataWeb Blog

Message 7 of 9
1,238 Views
0
v-yueyunzh-msft
Community Support
Community Support
In response to nishanttayal

‎12-07-2022 11:24 PM

Hi , @nishanttayal 


As you describe today, you want to use your service principal to access all the Dataset and Gateway rest APIs, right? If that's the case, I don't think granting this service principal a simple "Tenant.readwrite" permission will perform all API operations, for example, the prerequisite for this Datasets - Get Dataset In Group is Dataset.ReadWrite.All or Dataset.Read.All, not the Tenant.readwrite you granted.

Datasets - Get Dataset In Group - REST API (Power BI Power BI REST APIs) | Microsoft Learn

 

vyueyunzhmsft_0-1670484228805.png

I don't think it's enough to use all the Dataset and Gateway rest APIs as you said that the read-only admin API option in the Tenant's admin portal is enough, for example, the Datasets - Cancel Refresh In Group API requires write permission, so I think put a few Tenant admins Portal service principal-related permission options are turned on to be the most secure choice.

 

Thank you for your time and sharing, and thank you for your support and understanding of PowerBI! 

 

Best Regards,

Aniya Zhang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly

Message 6 of 9
1,285 Views
0
ibarrau
Super User
Super User

‎12-07-2022 05:07 AM

Hi. Let's see. Is the service principal an admin on the workspace of the datasets? do you have turned on the option to allow service principals to use the Rest API? (setting in admin portal for tenant settings)

If all that is correct and you still have the 403 forbidden, try adding Dataset.ReadWrite.All because I'm not sure that just adding tenant means you can do it all. Also, the tenant permission should be concent by an admin, otherwise it won't allow anything.

I hope that helps,


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Happy to help!

LaDataWeb Blog

Message 2 of 9
1,311 Views
0
nishanttayal
Frequent Visitor
In response to ibarrau

‎12-07-2022 10:38 PM

Hey,
Yes, this service principle is allowed for POWER BI REST API's. And it also has Dataset.ReadWrite.All access on the Azure App.
Yes, my tenant permission is approved by Admin and I am able to use other API's like uploading the report, getting the export of report, creating new groups/workspaces.
Only thing I am struggling to make it work is the Dataset & Gateway API's.

Message 3 of 9
1,292 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All