Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
tcash
Helper I
Helper I

Read access to a Dataflow as a data source by a non-owner of the dataflow

How do I enable a PBI desktop user to read PBI service dataflow entities when the user is not the one that created the dataflow?  Note, the Dataflow is created in a Workspace that is using Azure Data Lake Gen2 storage.

 

Currently, the user opens PBI Desktop, does Get Data, Power BI Dataflows and is displayed a list of all dataflows and their  entities.  However, when an entity is checked for selection as a data source the user gets the message "Expression.Error: Access to the resource is forbidden."

 

Regards,

Tim

1 ACCEPTED SOLUTION

I believe our permission issues are caused by the fact that we are writing to a tenant based Azure Data Lake Gen2 storage filesystem (as opposed to the default shared Data Lake filesystem).  We need to manually assign permissions to all of our Data Lakes CDM folders and files.  It is  tedious for now because the permissions do not propagate to files that already existed before new permissions are applied.  The Data Lake permission propagation rules are still not clear to me but we finally got things to work "good enough" after much manual tweaking and testing. Hopefully, this manual effort is eliminated or minimized after PBI dataflows get out of preview mode. In the meantime the manual effort can be minimized by knowing the GUIDs of all security groups needing access to individual folders and their files soon after the CDM folders are created by a refresh.

View solution in original post

3 REPLIES 3
v-lili6-msft
Community Support
Community Support

hi, @tcash 

I have test on my side, it works well.

User A create a data flow in a workspace, and User B could get data in power bi desktop from this data flow.

 

Best Regards,

Lin

Community Support Team _ Lin
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

I believe our permission issues are caused by the fact that we are writing to a tenant based Azure Data Lake Gen2 storage filesystem (as opposed to the default shared Data Lake filesystem).  We need to manually assign permissions to all of our Data Lakes CDM folders and files.  It is  tedious for now because the permissions do not propagate to files that already existed before new permissions are applied.  The Data Lake permission propagation rules are still not clear to me but we finally got things to work "good enough" after much manual tweaking and testing. Hopefully, this manual effort is eliminated or minimized after PBI dataflows get out of preview mode. In the meantime the manual effort can be minimized by knowing the GUIDs of all security groups needing access to individual folders and their files soon after the CDM folders are created by a refresh.

hi, @tcash 

Great! It's pleasant that it works "good enough".

If you consider this issue closed, please mark it as "solved", that way, other community members will easily find the solution when they get same issue.  Smiley Very Happy

Thanks.

 

 

Best Regards,

Lin

 

Community Support Team _ Lin
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors
Top Kudoed Authors