Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Data Days is here! Join us now for 60+ days of learning, challenges, and connection. Learn more

Reply
Anonymous
Not applicable

ADMIN Rest API request using Service Principal

‎12-02-2022 06:42 AM

Hi all, 

 

I am trying to use ADMIN REST API for Power BI (e.g., GetGroupsAsAdmin) using a Service Principal (Read-Only). 

 

I have follow the MS documentation for this process: 

 

1. Create App in Azure (Without any PBI Admin-consent credential)

 

2. Add the App into a Secure Group in Azure

 

3. Enable the Service Principal in Power BI and add the Secure Group as an specific group

 

4. Add the App as a member of the workspaces in Power BI Service

 

Then I generate the access token in PowerShell and try to pull out data from REST API using Anonynous connection in Power BI Desktop.

 

Yet I was getting a forbidden access message...

 

sebastianj_0-1669991832892.png

sebastianj_1-1669991905097.png

Then we allow the Delegated Permission (Tenant.ReadAll) but message just changed to "Credential provided are not valid"

 

Does anyone know what could be happening?

 

Many thanks

 

Labels:
Message 1 of 3
2,473 Views
0
1 ACCEPTED SOLUTION
Daryl-Lynch-Bzy
Community Champion
Community Champion

‎12-02-2022 02:42 PM

Hi @Anonymous - you shouldn't need step 4.  The Service Principal app will be assigned premissions to read all workspaces when the Security Group it is a member of was added in step 3.  However, can I please check that you added it in the 2 places in the Power BI Tenant Settings:

 

  1. Allow service principals to use Power BI APIs
  2. Allow service principals to use read-only Power BI admin API

Embed Power BI content in an embedded analytics application with service principal and an applicatio...

Enable service principal authentication for read-only admin APIs - Power BI | Microsoft Learn


View solution in original post

Message 2 of 3
2,437 Views
0
2 REPLIES 2
Anonymous
Not applicable

‎12-06-2022 11:31 PM

Hi @Anonymous,

Did the above suggestions help with your scenario? if that is the case, you can consider Kudo or Accept the helpful suggestions to help others who faced similar requirements.

If these also don't help, please share more detailed information to help us clarify your scenario to test.

How to Get Your Question Answered Quickly 

Regards,

Xiaoxin Sheng

Message 3 of 3
2,384 Views
0
Daryl-Lynch-Bzy
Community Champion
Community Champion

‎12-02-2022 02:42 PM

Hi @Anonymous - you shouldn't need step 4.  The Service Principal app will be assigned premissions to read all workspaces when the Security Group it is a member of was added in step 3.  However, can I please check that you added it in the 2 places in the Power BI Tenant Settings:

 

  1. Allow service principals to use Power BI APIs
  2. Allow service principals to use read-only Power BI admin API

Embed Power BI content in an embedded analytics application with service principal and an applicatio...

Enable service principal authentication for read-only admin APIs - Power BI | Microsoft Learn


Message 2 of 3
2,438 Views
0

Helpful resources

Announcements
Fabric Data Days is here Carousel

Fabric Data Days 2026

Don't miss out on Data Days, June 15 through August 7. Learn Fabric, Power BI, SQL, AI and more.

May Power BI Update Carousel

Power BI Monthly Update - May 2026

Check out the May 2026 Power BI update to learn about new features.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

View All
Top Kudoed Authors
View All