Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hello All,
Has anyone tried out the new feature "Service Principal with Admin API access" ? https://docs.microsoft.com/en-us/power-bi/admin/read-only-apis-service-principal-authentication
I have followed the steps as per the article but i get the error message
The remote server returned an error: (401) Unauthorized.
i suspect that the issue is related to this step [which is not clear to me]
Select Add Members. Note: Make sure the app you use does not have any Power BI admin roles set on it in Azure portal. To check this:
Can someone explain what permissions the service principal should have ? FYI we tried to use the service principal i while back to automate data collection via Power BI REST API's and currently these are the permissions assigned to the service principal
Hi there, I found this post looking to use Service Principal to run Admin API. I get the same 401 (Unauthorized) error.
when I try to call this
$headers = Get-PowerBIAccessToken
Invoke-RestMethod -Headers $headers -Uri 'https://api.powerbi.com/v1.0/myorg/admin/capacities/AssignWorkspaces' -body $bodyStr -Method Post
Please confirm if Service PRincipal is intended to those read-only APIs ?
Hi @Anonymous ,
Based on my understanding, I think this is more likely to be related to the authentication access token. REST API needs authentication, did you send authentication credentials along with your request?
To get the token, please refer to Get an authentication access token .
If the problem is still not resolved, please provide detailed error information or the expected result you expect. Let me know immediately, looking forward to your reply.
Best Regards,
Winniz
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hello,
Yes, i am passing/using the authentication token when i execute the REST API.
When i execute the non-admin API like this request "
https://api.powerbi.com/v1.0/myorg/groups" i get results
When i execute the admin API like this request "
https://api.powerbi.com/v1.0/myorg/admin/groups?%24top=5000" i get the error message
The remote server returned an error: (401) Unauthorized.
Do you need any other information ?
Thanks for your help!
Hi @Anonymous ,
The permissions required by these two APIs are different. When you execute Admin - Groups GetGroupsAsAdmin API, you must have administrator rights (such as Office 365 Global Administrator or Power BI Service Administrator) to call this API or authenticate via service principal.
If the problem is still not resolved, please provide detailed error information or the expected result you expect. Let me know immediately, looking forward to your reply.
Best Regards,
Winniz
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hello,
Please check again, your last comment conflicts with what is written in microsoft's documentation.
I am referring to this link
https://docs.microsoft.com/en-us/power-bi/admin/read-only-apis-service-principal-authentication
In this link it states the following.
According to your last post, the service principal needs Power BI Service Administrator role, how do we assign this to a Service Principal ?
Looking forward to your response
Hi @Anonymous ,
I don't mean to assign the administrator role to the service principal. I think the administrator role required by the API refers to the PowerBI account you use when calling the API.
You can test with different PowerBI accounts on Admin - Groups GetGroupsAsAdmin , like this:
This is the test result when I use a normal user (no administrator privileges), it returns 401 errors.
If the problem is still not resolved, please provide detailed error information or the expected result you expect. Let me know immediately, looking forward to your reply.
Best Regards,
Winniz
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hello,
I am interested in executing the Admin API's[that only read data out of power bi ] via a service principal and not via a user account that has administrator rights.
According to this link it should now be possible [from december 2020]
https://docs.microsoft.com/en-us/power-bi/admin/read-only-apis-service-principal-authentication
Am i mistaken ?
Thanks!
Hi @Anonymous ,
Sorry for the late reply.
After I searched some related documents for testing, I found that we can't actually use the service principal authentication for read-only admin APIs to call the API "https://api.powerbi.com/v1.0/myorg/groups".
But we can call the API "https://api.powerbi.com/v1.0/myorg/admin/groups?%24top=5000".
The follow should be noted:
1. you do not need to give PowerBI Service permission to your application.
2. In the Admin Portal, you only need to add the security group to the second option "Allow service principal to use read-only Power BI admin APIs".
This is screenshot of my test:
If the problem is still not resolved, please provide detailed error information or the expected result you expect. Let me know immediately, looking forward to your reply.
Best Regards,
Winniz
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hello,
Thanks. i believe what i need to do is adjust the permissions assigned to the service principal since the one i am using has more permissions currently assigned.
I will make the changes ASAP, test and reply back to this post if your suggestion works.
Thanks!
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.