Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Vote for your favorite vizzies from the Power BI Dataviz World Championship submissions. Vote now!

Reply
Anonymous
Not applicable

Getting error while adding AD Group as a Gateway - Datasource User using API

‎05-24-2021 04:11 AM

I have created a Gateway cluster using the powershell cmdlet DataGateway and added the Service Principal as an admin of that gateway cluster. 

The Service Principal contains the Gateway.ReadWrite.All & DataSet.ReadWrite.All permission scopes.


In the Api documentation(https://docs.microsoft.com/en-us/rest/api/power-bi/gateways/adddatasourceuser) for Add Gateway DataSource User, the request body contains the following parameters:
datasourceAccessRight
displayName
emailAddress
identifier
principalType

 

Since the Datasource is created using API, the Service Principal already exists as a Datasource User.

I am able to add a normal user also by passing the request as:
{ "emailAddress": "john@contoso.com", "datasourceAccessRight": "Read" }

using the API and Service Principal.

 

I tried to add an AD group by following the sample provided in the documentation for service principal:

{ "identifier": "3d9b93c6-7b6d-4801-a491-1738910904fd", "datasourceAccessRight": "ReadOverrideEffectiveIdentity" }

and made some changes to the request JSON by adding principalType as Group:

{

  "datasourceAccessRight": "Read",

  "identifier": "AD group id",

  "principalType": "Group"

}

 

But I am getting the below error:

{"error":{"code":"DMTS_PrincipalsAreInvalidError","pbi.error":{"code":"DMTS_PrincipalsAreInvalidError","parameters":{},"details":[],"exceptionCulprit":1}}}

Why is this error coming? In this documentation page, it is not mentioned about mailEnabled groups only. Also, the request json was created based on the example provided for Service Principal.

Is there any solution to add an AD group as a Gateway - Datasource User ?

Labels:
Message 1 of 3
980 Views
0
2 REPLIES 2
v-lionel-msft
Community Support
Community Support

‎05-25-2021 10:32 PM

Hi @Anonymous ,

 

We can only add 'Office 365 group‘ and 'Mail-Enabled Security group' to the datasource user, so what's your group type?

 

Best regards,
Lionel Chen

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

Message 2 of 3
932 Views
Anonymous
Not applicable
In response to v-lionel-msft

‎06-11-2021 08:58 AM

Thanks for the response.
The group type is Security group. Since the sample demonstrates adding a SPN as a Datasource user, I think we should be able to add a security group as well.

Message 3 of 3
878 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

Vote for your favorite vizzies from the Power BI World Championship submissions!

Sticker Challenge 2026 Carousel

Join our Community Sticker Challenge 2026

If you love stickers, then you will definitely want to check out our Community Sticker Challenge!

January Power BI Update Carousel

Power BI Monthly Update - January 2026

Check out the January 2026 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All