admin管理员组

文章数量:1123404

I am trying to get non-admin metadata from PowerBI using ADF.

I have already managed to download admin metadata using ADF, but with non-admin I have troubles.

What I have done so far:

  1. Created a security group and added the service principal of the ADF
  2. Created a registered app, and added the app to the security group. The registered app has the following privileges: Report.Read.All, Dataset.Read.All, Workspace.Read.All - admin consent granted.
  3. In Power BI I have enabled both "Service principals can use Fabric APIs" and "Allow service principals to access read-only admin APIs" and applied to the security group
  4. In Power BI in workspaces, I added as members both - security group and the registered app.

As stated before, admin metadata I can download, I use the security group with Service Principal of the ADF for this purpose. Non-admin metadata I want to download using registered app.

In ADF pipeline I created two web activities

  1. Get Bearer Token: URL- //oauth2/v2.0/token Method- POST Body-

    grant_type=client_credentials &client_id=<Client_ID> &client_secret= &scope=/.default Headers- content-type:application/x-www-form-urlencoded

  2. Call PowerBI API: URL- .0/myorg/reports/ Method- GET Authentication- None Headers- Authorization: @concat(activity('Request Bearer Token').output.token_type, ' ', string(activity('Request Bearer Token').output.access_token))

The first activity to get Token is successful, the second activity is not. I get the following error: "Message":"API is not accessible for application".

I tried in Postman and I get error: 403 forbidden.

If I use www.learn.microsoft to request for API, so using my personal account with the Token generated by ADF - I call API successfully.

So it seems there is some permission issue? Although, at this moment I think I have checked everything and I am out of ideas... Perhaps, somebody has the same problem?

I am trying to get non-admin metadata from PowerBI using ADF.

I have already managed to download admin metadata using ADF, but with non-admin I have troubles.

What I have done so far:

  1. Created a security group and added the service principal of the ADF
  2. Created a registered app, and added the app to the security group. The registered app has the following privileges: Report.Read.All, Dataset.Read.All, Workspace.Read.All - admin consent granted.
  3. In Power BI I have enabled both "Service principals can use Fabric APIs" and "Allow service principals to access read-only admin APIs" and applied to the security group
  4. In Power BI in workspaces, I added as members both - security group and the registered app.

As stated before, admin metadata I can download, I use the security group with Service Principal of the ADF for this purpose. Non-admin metadata I want to download using registered app.

In ADF pipeline I created two web activities

  1. Get Bearer Token: URL- https://login.microsoftonline.com//oauth2/v2.0/token Method- POST Body-

    grant_type=client_credentials &client_id=<Client_ID> &client_secret= &scope=https://analysis.windows.net/powerbi/api/.default Headers- content-type:application/x-www-form-urlencoded

  2. Call PowerBI API: URL- https://api.powerbi.com/v1.0/myorg/reports/ Method- GET Authentication- None Headers- Authorization: @concat(activity('Request Bearer Token').output.token_type, ' ', string(activity('Request Bearer Token').output.access_token))

The first activity to get Token is successful, the second activity is not. I get the following error: "Message":"API is not accessible for application".

I tried in Postman and I get error: 403 forbidden.

If I use www.learn.microsoft.com to request for API, so using my personal account with the Token generated by ADF - I call API successfully.

So it seems there is some permission issue? Although, at this moment I think I have checked everything and I am out of ideas... Perhaps, somebody has the same problem?

  • azure
  • rest
  • powerbi
  • azure-data-factory
  • metadata
Share Improve this question asked 15 hours ago YAHO5YAHO5 52 bronze badges 1
  • Note that, service principal authentication is not supported for accessing My workspace (myorg). With client credentials flow token, you cannot call /myorg/ endpoint. To resolve this, you need to change your authentication flow to delegated where user interaction is required. Refer this stackoverflow.com/questions/77867783/… – Sridevi Commented 15 hours ago
Add a comment  | 

1 Answer 1

Reset to default 0

The key is to add Workspace ID to the URL. So, in the second WEB activity where the Bearer Token is passed, instead of the following URL:

https://api.powerbi.com/v1.0/myorg/reports/

Add Workspace ID, like this:

https://api.powerbi.com/v1.0/myorg/groups/{Workspace ID}/reports

本文标签: azurePowerBIADFnonadmin APIquotAPI not accessiblequotStack Overflow

版权声明:本文标题:azure - PowerBI - ADF - non-admin API - &quot;API not accessible&quot; - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736569317a1944750.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。