Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Power BI is turning 10! Let’s celebrate together with dataviz contests, interactive sessions, and giveaways. Register now.

Reply
FabricUser101
New Member

Can't add dataset application perms for Power BI Azure integration?

‎06-04-2025 05:25 AM

I'm trying to let a Service Principal account refresh my Power BI semantic model from a Python script. I've registered the app through Azure. I've done:

  1. Added the Service Principal account to the workspace.
  2. I've enabled Service Principals to use Fabric APIs and have been personally added to an included security group, though the Service Principal is not in one of those groups yet
  3. I've tried doing enabling Service principals can access read-only admin APIs

But when I go to add API application permissions, I only see Tenant permissions. I can see the dataset ones for delegated permissions, but I need these for applications instead. Am I missing something besides adding the app to a security group?

Labels:
Message 1 of 5
252 Views
0
1 ACCEPTED SOLUTION
V-yubandi-msft
Community Support
Community Support

‎06-05-2025 12:55 AM

Hi @FabricUser101 ,

Thank you for reaching out. I understand you’re trying to refresh a Power BI semantic model using a Service Principal and a Python script, but you’re encountering issues because you can’t find the Dataset.ReadWrite.All application permission in Azure, and your script likely fails with a permissions error.

 

In addition to @Akash_Varuna & @tackytechtom  responses.

 

Since you’ve already enabled  Allow service principals to use Fabric APIs,  let’s add your Service Principal to an allowed group. Confirm Allow service principals to use Fabric APIs  is enabled, select Specific security groups, and add your PowerBI ServicePrincipals group.
 Automate Power BI Premium workspace and semantic model tasks with service principals - Power BI | Mi...

 

You’ve added the Service Principal to the workspace, but let's make sure it has the correct role. Verify that your Service Principal (its security group) has at least the Contributor role (Admin is also acceptable). This role allows it to refresh the semantic model.

Roles in workspaces in Power BI - Power BI | Microsoft Learn

Regards,

Yugandhar.

View solution in original post

Message 4 of 5
194 Views
4 REPLIES 4
FabricUser101
New Member

‎06-05-2025 05:16 AM

Thank you @Akash_Varuna and @V-yubandi-msft ! Adding the service principal to a security group that was included in the allowed security groups was all I needed. I don't even need to select which API perms. 

Message 5 of 5
180 Views
V-yubandi-msft
Community Support
Community Support

‎06-05-2025 12:55 AM

Hi @FabricUser101 ,

Thank you for reaching out. I understand you’re trying to refresh a Power BI semantic model using a Service Principal and a Python script, but you’re encountering issues because you can’t find the Dataset.ReadWrite.All application permission in Azure, and your script likely fails with a permissions error.

 

In addition to @Akash_Varuna & @tackytechtom  responses.

 

Since you’ve already enabled  Allow service principals to use Fabric APIs,  let’s add your Service Principal to an allowed group. Confirm Allow service principals to use Fabric APIs  is enabled, select Specific security groups, and add your PowerBI ServicePrincipals group.
 Automate Power BI Premium workspace and semantic model tasks with service principals - Power BI | Mi...

 

You’ve added the Service Principal to the workspace, but let's make sure it has the correct role. Verify that your Service Principal (its security group) has at least the Contributor role (Admin is also acceptable). This role allows it to refresh the semantic model.

Roles in workspaces in Power BI - Power BI | Microsoft Learn

Regards,

Yugandhar.

Message 4 of 5
195 Views
Akash_Varuna
Community Champion
Community Champion

‎06-04-2025 11:47 PM

Hi @FabricUser101 Add the Service Principal to a security group with Power BI and Fabric API access. In Azure, grant application permissions for Power BI APIs, using Microsoft Graph if necessary. Enable Service Principal for APIs in Power BI Admin settings and include the security group. Finally, have an admin grant consent to the permissions in Azure.

Message 3 of 5
199 Views
tackytechtom
Super User
Super User

‎06-04-2025 09:02 AM

Hi @FabricUser101 ,

 

I happened to have written a couple of blog articles about refreshing semantic models, where the setup is also explained:
https://www.tackytech.blog/how-to-refresh-power-bi-datasets-from-data-factory-with-managed-identity/...

 

In the case above, we used a data factory pipeline that refreshed a semantic model via managed identity. However, the concept with security groups and allowing APIs and stuff, should be the same (see step 1 and 2).

 

Can you try it the way its explained in the blog article? If this does not work, can you provide some more information on from where you wanna do the refresh call e.g. is it a notebook inside fabric? Then you could use semantic-link for that.

 

/Tom
https://www.tackytech.blog/
https://www.instagram.com/tackytechtom/

 

 



Did I answer your question➡️ Please, mark my post as a solution ✔️

Also happily accepting Kudos 🙂

Feel free to connect with me on LinkedIn! linkedIn

#proudtobeasuperuser 

Message 2 of 5
219 Views
0

Helpful resources

Announcements
June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All