Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Data Days is here! Join us now for 60+ days of learning, challenges, and connection. Learn more

Reply
JamieHut
New Member

Get Activity Events API - PowerBINotAuthorizedException Error

Wednesday

Hi all,

I'm trying to get the report usage data out of the org's Power BI environment, but I keep running into this error: "PowerBINotAuthorizedException"

In order to facilitate this I have registered an app in Entra ID, which has been granted "Tenant.Read.All" privileges for Power BI. I have added the app to a security group, and the security group has been enabled to acces Read-Only APIs in Power BI. The user account running the flow has also been added to the security group for good measure.

JamieHut_1-1781133469151.png

JamieHut_2-1781133683470.png

I have tried in Power Automate and Postman, first generating a token, then trying to query the PBI API with said token, I get the same error in both cases. 
Here's the token generation, I am using our Tenant ID in the URI, client ID & secret from the app:

JamieHut_0-1781133199168.png

I then put that token into the HTTP call, which I have tried with and without parameters (i.e. filtering on username, specific days, either of the above or none of the above).

JamieHut_3-1781134404162.png

I have also done this without the Get Token step, simply using the authentication in the advanced parameters of the HTTP step, which leads to the same error.
I've also additionally tried adding in both the user account that runs the flow and the service principal (app) itself as admins to all the workspaces on Power BI, which made no difference.

Has anyone here encountered (& resolved) this issue?


The API documentation:
https://learn.microsoft.com/en-us/rest/api/power-bi/admin/get-activity-events

 

Labels:
Message 1 of 3
170 Views
0
1 ACCEPTED SOLUTION
v-tejrama
Community Support
Community Support

Thursday

Hi  @JamieHut   ,
Based on your description, it appears that the Entra ID application has been assigned the Power BI Tenant.Read.All application permission. For the Get Activity Events admin API, Microsoft requires that service principal authentication be enabled via the Power BI tenant settings, and that the service principal is included in the designated security group. However, the app registration should not have Power BI admin consent-required permissions like Tenant.Read.All or Tenant.ReadWrite.All. Instead, authorization is managed through the Power BI Admin Portal settings rather than through app registration permissions.
Please check if the access token you are generating is a service principal token by decoding the JWT and reviewing the claims. If so, remove Power BI application permissions from the app registration, allow time for the changes to take effect, generate a new token, and retest the API. Additionally, confirm that the service principal is part of the exact security group specified in the Power BI Admin Portal tenant settings. Workspace Admin permissions are not relevant for this endpoint, as Get Activity Events is a tenant-level Admin API.


If you are using delegated user authentication instead of a service principal, ensure the account has the Fabric Administrator or Power BI Service Administrator role as workspace permissions alone are insufficient for this API.


For further information, please review the Microsoft documentation below
Get Activity Events API - PowerBINotAuthorizedExce... - Microsoft Fabric Community
Admin - Get Activity Events - REST API (Power BI Power BI REST APIs) | Microsoft Learn
Automate Power BI Premium workspace and semantic model tasks with service principals - Microsoft Fab...
OAuth 2.0 client credentials flow on the Microsoft identity platform - Microsoft identity platform |...
Admin API admin settings - Microsoft Fabric | Microsoft Learn

Thank you.

View solution in original post

Message 2 of 3
93 Views
2 REPLIES 2
v-tejrama
Community Support
Community Support

Thursday

Hi  @JamieHut   ,
Based on your description, it appears that the Entra ID application has been assigned the Power BI Tenant.Read.All application permission. For the Get Activity Events admin API, Microsoft requires that service principal authentication be enabled via the Power BI tenant settings, and that the service principal is included in the designated security group. However, the app registration should not have Power BI admin consent-required permissions like Tenant.Read.All or Tenant.ReadWrite.All. Instead, authorization is managed through the Power BI Admin Portal settings rather than through app registration permissions.
Please check if the access token you are generating is a service principal token by decoding the JWT and reviewing the claims. If so, remove Power BI application permissions from the app registration, allow time for the changes to take effect, generate a new token, and retest the API. Additionally, confirm that the service principal is part of the exact security group specified in the Power BI Admin Portal tenant settings. Workspace Admin permissions are not relevant for this endpoint, as Get Activity Events is a tenant-level Admin API.


If you are using delegated user authentication instead of a service principal, ensure the account has the Fabric Administrator or Power BI Service Administrator role as workspace permissions alone are insufficient for this API.


For further information, please review the Microsoft documentation below
Get Activity Events API - PowerBINotAuthorizedExce... - Microsoft Fabric Community
Admin - Get Activity Events - REST API (Power BI Power BI REST APIs) | Microsoft Learn
Automate Power BI Premium workspace and semantic model tasks with service principals - Microsoft Fab...
OAuth 2.0 client credentials flow on the Microsoft identity platform - Microsoft identity platform |...
Admin API admin settings - Microsoft Fabric | Microsoft Learn

Thank you.

Message 2 of 3
94 Views
JamieHut
New Member
In response to v-tejrama

Thursday

Such as simple solution, but exactly what I needed. I removed the Tenant.Read.All permission and it works perfectly! Thank you 🙂

 

Message 3 of 3
67 Views
0

Helpful resources

Announcements
Fabric Data Days is here Carousel

Fabric Data Days 2026

Don't miss out on Data Days, June 15 through August 7. Learn Fabric, Power BI, SQL, AI and more.

May Power BI Update Carousel

Power BI Monthly Update - May 2026

Check out the May 2026 Power BI update to learn about new features.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

View All
Top Kudoed Authors
View All