Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us for an expert-led overview of the tools and concepts you'll need to become a Certified Power BI Data Analyst and pass exam PL-300. Register now.

Reply
sebastianj
Frequent Visitor

ADMIN Rest API request using Service Principal

‎12-02-2022 06:42 AM

Hi all, 

 

I am trying to use ADMIN REST API for Power BI (e.g., GetGroupsAsAdmin) using a Service Principal (Read-Only). 

 

I have follow the MS documentation for this process: 

 

1. Create App in Azure (Without any PBI Admin-consent credential)

 

2. Add the App into a Secure Group in Azure

 

3. Enable the Service Principal in Power BI and add the Secure Group as an specific group

 

4. Add the App as a member of the workspaces in Power BI Service

 

Then I generate the access token in PowerShell and try to pull out data from REST API using Anonynous connection in Power BI Desktop.

 

Yet I was getting a forbidden access message...

 

sebastianj_0-1669991832892.png

sebastianj_1-1669991905097.png

Then we allow the Delegated Permission (Tenant.ReadAll) but message just changed to "Credential provided are not valid"

 

Does anyone know what could be happening?

 

Many thanks

 

Labels:
Message 1 of 3
1,085 Views
0
1 ACCEPTED SOLUTION
Daryl-Lynch-Bzy
Resident Rockstar
Resident Rockstar

‎12-02-2022 02:42 PM

Hi @sebastianj - you shouldn't need step 4.  The Service Principal app will be assigned premissions to read all workspaces when the Security Group it is a member of was added in step 3.  However, can I please check that you added it in the 2 places in the Power BI Tenant Settings:

 

  1. Allow service principals to use Power BI APIs
  2. Allow service principals to use read-only Power BI admin API

Embed Power BI content in an embedded analytics application with service principal and an applicatio...

Enable service principal authentication for read-only admin APIs - Power BI | Microsoft Learn


View solution in original post

Message 2 of 3
1,049 Views
0
2 REPLIES 2
Anonymous
Not applicable

‎12-06-2022 11:31 PM

Hi @sebastianj,

Did the above suggestions help with your scenario? if that is the case, you can consider Kudo or Accept the helpful suggestions to help others who faced similar requirements.

If these also don't help, please share more detailed information to help us clarify your scenario to test.

How to Get Your Question Answered Quickly 

Regards,

Xiaoxin Sheng

Message 3 of 3
996 Views
0
Daryl-Lynch-Bzy
Resident Rockstar
Resident Rockstar

‎12-02-2022 02:42 PM

Hi @sebastianj - you shouldn't need step 4.  The Service Principal app will be assigned premissions to read all workspaces when the Security Group it is a member of was added in step 3.  However, can I please check that you added it in the 2 places in the Power BI Tenant Settings:

 

  1. Allow service principals to use Power BI APIs
  2. Allow service principals to use read-only Power BI admin API

Embed Power BI content in an embedded analytics application with service principal and an applicatio...

Enable service principal authentication for read-only admin APIs - Power BI | Microsoft Learn


Message 2 of 3
1,050 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All