Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
pedrosilvacreit
Regular Visitor

Error 403 "User is not authorized" returned when calling GenerateTokenInGroup Power BI API

‎12-19-2024 09:55 AM

Hello.

 

I'm trying to use service principal to authenticate an Entra ID app, to then generate a token to use to embed a Power BI report. I've followed the steps in this link, register the app, without permission has the advice, created the security group, enabled the Power BI service admin settings and added service principal to the workspace. The call to acquire the client token is successful and returns an access token. This is a screenshot of the parameters (I've omitted the sensitive data):

pedrosilvacreit_0-1734613047854.png

However, using the access token returned in the GenerateTokenInGroup request, is returning a 403 error response, with this message: 

{
    "error": {
        "code": "Unauthorized",
        "message": "User is not authorized"
    }
}

I've seen a lot of documentation, but I still haven't understood the issue. I've read somewhere that service principal authentication might not work with GenerateTokenInGroup, but found no definitive answer or an alternative solution. The documentation available is not very clear and misses important points. 

 

Any help would be greatly appreciated.

 

Thank you. 

Labels:
Message 1 of 4
943 Views
0
3 REPLIES 3
Anonymous
Not applicable

‎12-20-2024 12:11 AM

Hi @pedrosilvacreit ,

Base on your description, it seems like it is authentication error. Could you please check the following info for the further troubleshooting?

1. Did you add API permission 'Dataset.Read.All' and 'Report.Read.All', make sure to grant admin consent for these permissionsvyiruanmsft_0-1734681491402.png

 

2. Did you grant the security group which service principal be added in the Admin or Member role to the workspace?Embed Power BI content in an embedded analytics application with service principal and an applicatio... 

3. Please refer the following links to try to solve the problem:

Solved: Getting 403 when calling power bi rest api from po... - Microsoft Fabric Community

API call returns 403

Best Regards

Message 2 of 4
875 Views
0
pedrosilvacreit
Regular Visitor
In response to Anonymous

‎12-20-2024 01:33 AM

Hello @Anonymous!

 

Thanks for your response.

 

1. No, I don't have those API permissions added. The documentation I saw said that service principal authentication didn't require API permissions.

2. Yes, I've granted both the service principal and the security groups the Admin role to the workspace.

 

 

Message 3 of 4
861 Views
0
Anonymous
Not applicable
In response to pedrosilvacreit

‎12-23-2024 01:08 AM

Hi @pedrosilvacreit ,

Thanks for your reply. Could you please check the following info?

1. Make sure the client id and client secret fill in correctly, especially for the value of client secret. You can refer the following links to get them

Client ID

Client secret

2. Enable the Power BI service admin settings

Enable Embed content in appsEnable Embed content in apps

Enable Allow service principals to use Power BI APIsEnable Allow service principals to use Power BI APIs

Permission tokens needed to embed a Power BI app - Power BI | Microsoft Learn

Best Regards

Message 4 of 4
766 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All