Re: Error 403 when trying to read data form a data...

ElfoEspacial · ‎05-18-2023

Hello everyone,

I'm working on a server-side integration for a client, which needs to connect to the Power BI API and read information from a Data Set. According to the Power BI documentation, this requires the permissions: Report.ReadWrite.All or Report.Read.All.

If I go to Azure and search for the app, these permissions are granted. What catches my attention is that when I generate an access token and try to access the report, it returns a 403 Forbidden error.

I'm not sure if the issue lies in the call that generates the access token, perhaps it's not being made with sufficient permissions.

Currently, I generate the access token with a POST request targeting the URL: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token, withand the following body:

grant_type: client_credentials,
client_id,
client_secret,
scope: https://analysis.windows.net/powerbi/api/.default

If I try to change the scope to "readAll," it tells me that the scope is invalid and must be "/.default."

On the other hand, I understand that the access token generated by this call should be able to access the reports if the app in Azure AD has the necessary permissions. However, when I try to access the report, I receive a 403 error.

Lastly, when trying to acces the data in the report, this is the url I'm targeting:

https://api.powerbi.com/v1.0/myorg/datasets/{dataSetID}/tables/{tableName}/rows

I would greatly appreciate any insights or help in identifying where the problem might be.

Kind regards,

ElfoEspacial · ‎05-25-2023

Hi vi-yiruan, thank you so much for your answer.

I tried everything but without success, but in the end the issue was in the configuration of the Azure AD app, and not having a security group created in Azure AD. Once we created one, we were able to connect to Power BI API using the access token that I showed in my initial post.

Thanks again for the help, have a nice day.

ElfoEspacial

v-yiruan-msft · ‎05-21-2023

Hi @ElfoEspacial ,

According to the error code, it seems that it is caused by insufficient permissions or authentication. You can refer the following links to solve the problem.

API call returns 403

A 403 error can occur for any of the following reasons. A Fiddler capture might be required to investigate further.

The user has exceeded the amount of embed token that can be generated on a shared capacity. Purchase Azure capacities to generate embed tokens and assign the workspace to that capacity. See Create Power BI Embedded capacity in the Azure portal.

The Azure AD authorization token expired.

The authenticated user isn't a member of the group (workspace).

The authenticated user isn't an admin of the group (workspace).

The authenticated user doesn't have permissions. Permissions can be updated using the refreshUserPermissions API.

The authorization header might not be listed correctly. Make sure there are no typos.

The backend of the application might need to refresh the authorization token before calling GenerateToken. For more information, see Refresh the access token.

Solved: Power BI REST API gives 403 error (User does not h... - Microsoft Power BI Community

It seems I found the hidden setting:

https://community.powerbi.com/t5/Service/Manage-Permissions-in-Power-BI-Service/td-p/322832

Apparently, the dataset in the workspace requires the user to be added with "Manage permissions"...

After I did that, the error disappeared.

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Error 403 when trying to read data form a data set

Helpful resources

Power BI September 2023 Update

Learn Live: Event Series