topic Fabric API: Update user scopes in Data Engineering

Fabric API: Update user scopes

dver344 — Wed, 24 Jul 2024 09:41:15 GMT

Hi there!

Context: The token I generated was retrieved by logging in with 'Login-PowerBI', followed by "Get-PowerBiAccessToken -asstring" inside of Powershell. This token was then copied and used inside of postman for the authorization. I didn't use any extra parameters. Since the current usage of a Service Principal is quite limited for the Fabric API, we're opting to use the personal bearer token.

Scenario: At our company we're trying to experiment a bit with the MS Fabric API (https://api.fabric.microsoft.com). We've been able to use the API to list the workspaces, items, ... basically most standard get calls you could imagine.

We are able to create workspaces via my individual token, but I'm unable to create individual items inside of a workspace. This is due to the fact that I don't have any individual item level scopes assigned to me for now. My current scopes are: "App.Read.All Capacity.Read.All Capacity.ReadWrite.All Content.Create Dashboard.Read.All Dashboard.ReadWrite.All Dataflow.Read.All Dataflow.ReadWrite.All Dataset.Read.All Dataset.ReadWrite.All Gateway.Read.All Gateway.ReadWrite.All Pipeline.Deploy Pipeline.Read.All Pipeline.ReadWrite.All Report.Read.All Report.ReadWrite.All StorageAccount.Read.All StorageAccount.ReadWrite.All Tenant.Read.All Tenant.ReadWrite.All UserState.ReadWrite.All Workspace.Read.All Workspace.ReadWrite.All"

As you can see, it's quite normal that I'm only able to create a Workspace. But I want to be able to assign e.g. "Notebook.ReadWrite.All" to my user. How do I do this for an individual user? I'm trying to automate as much as possible using Powershell scripts, but the current scopes are quite limited.

Hopefully this is the right section to ask such things, and thank you in advance for your help!

Re: Fabric API: Update user scopes

Anonymous — Thu, 25 Jul 2024 05:44:56 GMT

Hi @dver344 ,

You can refer to the following two documents that can help you understand how to grant permissions and grant application roles:

Grant and revoke delegated permissions programmatically in Microsoft Entra ID | Microsoft Learn

Grant application permissions programmatically in Microsoft Entra ID | Microsoft Learn

The main thing you notice is permissions created programmatically are not subject to review or confirmation. They take effect immediately.

Also I suggest you to post your question to the corresponding PowerShell forum, where the engineers will give you more in-depth and professional help.

Best Regards,

Ada Wang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Re: Fabric API: Update user scopes

dver344 — Thu, 25 Jul 2024 07:13:17 GMT

Hi there,

Maybe it's safe to say that this is not the right forum for that question. The things you are refering to, still use the Service Principal to connect with the Microsoft Fabric API. At a first glance, and at time of writing, this doesn't seem to solve my problem. I have created another topic on the suggested forum.

https://techcommunity.microsoft.com/t5/windows-powershell/fabric-api-update-user-scopes/m-p/4200840#M8316

Thank you for your help.