https://community.fabric.microsoft.com/t5/Developer/APP-registration-API-permissions/m-p/1343719#M25529 <P><FONT face="tahoma,arial,helvetica,sans-serif">Hi&nbsp;<a href="https://community.fabric.microsoft.com/t5/user/viewprofilepage/user-id/176702">@urraghu</a>,</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">#1, Nope, I don't think these users can view all contents. If they not have admin permission, they can only view the public and the contents they get permission to access. (for personal workspace contents, admin also not has permission to view)</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif"><A href="https://docs.microsoft.com/en-us/rest/api/power-bi/" target="_self">Power BI REST APIs</A>&nbsp;</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">#2, AFAIK, these operations are work on the azure side and mapping with user credentials. If users want to operate on power bi content, they will also verify the AAD credentials and power bi permissions.</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif"><A href="https://docs.microsoft.com/en-us/power-bi/developer/automation/walkthrough-push-data-get-token" target="_self">Get an authentication access token</A>&nbsp;</FONT><BR /><FONT face="tahoma,arial,helvetica,sans-serif">In addition, you can also check the audit log function which will log the activity of different users. (these operations are based on his credentials, so they will also record into audit logs)</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif"><A href="https://docs.microsoft.com/en-us/power-bi/admin/service-admin-auditing" target="_self">Track user activities in Power BI</A>&nbsp;</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">Regards,</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">Xiaoxin Sheng</FONT></P> Thu, 03 Sep 2020 09:35:45 GMT Anonymous 2020-09-03T09:35:45Z https://community.fabric.microsoft.com/t5/Developer/APP-registration-API-permissions/m-p/1337766#M25510 <P>Hi,</P><P>&nbsp;</P><P>Regarding registration of an App in Azure AD through below power-bi App registration tool.</P><P><A href="https://docs.microsoft.com/en-us/power-bi/developer/embedded/register-app" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/power-bi/developer/embedded/register-app</A></P><P><A href="https://dev.powerbi.com/apps" target="_blank" rel="noopener">https://dev.powerbi.com/apps</A></P><P>&nbsp;</P><P>From governance and security perspective, want to know what each of API permissions are for. any documentation/pointers explaining each API access/permission scope would be helpful.</P><P>&nbsp;</P><P>I believe APP that should be registered is the&nbsp; workspace which becomes APP once published..</P><P>By granting " Read and Write All data sets" .. would this application and developer signed in get read/write access to all data sets of all work spaces in the tenant or only the data sets of the App/workspace being registered?</P><P>Similarly, other permissions like "Read and Write all workspaces/dashboards" ??&nbsp;</P><P>&nbsp;</P><P>By name it sounds like developer registering the app would get access through API to all data sets/reports/dashboards when those respective permissions are given. But wondering why one should have access to other workspaces/datasets outside his App/workspace which is being registered?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 01 Sep 2020 06:36:57 GMT https://community.fabric.microsoft.com/t5/Developer/APP-registration-API-permissions/m-p/1337766#M25510 urraghu 2020-09-01T06:36:57Z https://community.fabric.microsoft.com/t5/Developer/APP-registration-API-permissions/m-p/1343719#M25529 <P><FONT face="tahoma,arial,helvetica,sans-serif">Hi&nbsp;<a href="https://community.fabric.microsoft.com/t5/user/viewprofilepage/user-id/176702">@urraghu</a>,</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">#1, Nope, I don't think these users can view all contents. If they not have admin permission, they can only view the public and the contents they get permission to access. (for personal workspace contents, admin also not has permission to view)</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif"><A href="https://docs.microsoft.com/en-us/rest/api/power-bi/" target="_self">Power BI REST APIs</A>&nbsp;</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">#2, AFAIK, these operations are work on the azure side and mapping with user credentials. If users want to operate on power bi content, they will also verify the AAD credentials and power bi permissions.</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif"><A href="https://docs.microsoft.com/en-us/power-bi/developer/automation/walkthrough-push-data-get-token" target="_self">Get an authentication access token</A>&nbsp;</FONT><BR /><FONT face="tahoma,arial,helvetica,sans-serif">In addition, you can also check the audit log function which will log the activity of different users. (these operations are based on his credentials, so they will also record into audit logs)</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif"><A href="https://docs.microsoft.com/en-us/power-bi/admin/service-admin-auditing" target="_self">Track user activities in Power BI</A>&nbsp;</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">Regards,</FONT></P> <P><FONT face="tahoma,arial,helvetica,sans-serif">Xiaoxin Sheng</FONT></P> Thu, 03 Sep 2020 09:35:45 GMT https://community.fabric.microsoft.com/t5/Developer/APP-registration-API-permissions/m-p/1343719#M25529 Anonymous 2020-09-03T09:35:45Z