Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
JoshT
Advocate II
Advocate II

Add-PowerBIWorkspaceUser with AAD group

‎08-17-2021 06:02 AM

I'm trying to create a script to grant tenant admins access to any given workspace (for any maintenance/administration tasks) and getting a '400 bad request' error, response containing the text 'Parameter PrincipalType or Identifier is missing or invalid'. The code I'm using is below; the workspace is a valid workspace object and the identifier is a valid GUID from an AAD group.

 

Add-PowerBIWorkspaceUser -AccessRight Admin -Workspace $workspace -Scope Organization -PrincipalType Group -Identifier $groupId -Verbose

 

I'm unable to use the API directly as there doesn't appear to be any Scope parameter in the request body (https://docs.microsoft.com/en-us/rest/api/power-bi/groups/add-group-user) to allow me to specify workspaces I'm not already a member of, so I keep getting a 401 authorisation required error.

 

Does anyone know any way around these limitations or if I'm supposed to be using a different identifier for the group?

 

It's noted that we still can't use the AzureAD module to retrieve GUIDs owing to an existing issue with module conflicts that still hasn't been resolved:

https://community.powerbi.com/t5/Developer/PowerShell-AzureAD-cmdlets-incompatible-with/m-p/1688445#...

https://github.com/microsoft/powerbi-powershell/issues/261

Labels:
Message 1 of 3
1,010 Views
0
2 REPLIES 2
v-yiruan-msft
Community Support
Community Support

‎08-19-2021 01:11 AM

Hi @JoshT ,

First make sure the corresponding workspace is a new workspace. Did you want to add Service Prinicipal as workspace user? If yes, you can check out this GitHub issue case below that has the same problem as yours and hopefully it will help you solve it.

Adding Service Principal as workspace admin via API - Is the REST API syntax correct? (check the comment from bcrosnier on Mar 20, 2019)

Once you have a new workspace, you can grant the service principal using the following piece of Powershell.
You need the relevant module, so you might have to execute Install-Module -Name MicrosoftPowerBIMgmt first.

$objectId = 'My-Application-Service-principal-Object-Id'
$groupId = 'My-PowerBI-Group-Id'

Connect-PowerBIServiceAccount
$accessToken = Get-PowerBIAccessToken

# https://docs.microsoft.com/en-us/rest/api/power-bi/groups/addgroupuser
$params = @{
 "identifier"=$objectId;
 "groupUserAccessRight"="Admin";
 "principalType"="App";
}
Invoke-RestMethod -Headers $accessToken -Method POST -Uri "https://api.powerbi.com/v1.0/myorg/groups/$groupId/users" -Body ($params|ConvertTo-Json) -ContentType "application/json"

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 2 of 3
935 Views
0
JoshT
Advocate II
Advocate II
In response to v-yiruan-msft

‎08-20-2021 04:46 AM

Hi Rena,

Thanks for your reply. If by new workspace you mean V2, then yes I'm trying to add a user to a V2 workspace. If this means it should have been created recently or in the same session, then this means the API isn't fit for purpose as we need to be able to add users to existing workspaces.

 

I'm not trying to add a service principal with this exercise, just an AAD group. As far as I can see, there's only a single object ID associated with an AAD group object, so I can't see that there's any other method of adding this group. I can successfully add this group to workspaces manually and it is mail enabled.

 

Do you know if there's any way of defining the scope parameter for the API call (rather than the cmdlet)? It seems to default to Individual but I'm trying to add to groups I'm not a member of (I am a tenant admin) so need to use the Organization setting

Message 3 of 3
901 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All