Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
Anonymous
Not applicable

Getting error while adding AD Group as a Gateway - Datasource User using API

‎05-24-2021 04:11 AM

I have created a Gateway cluster using the powershell cmdlet DataGateway and added the Service Principal as an admin of that gateway cluster. 

The Service Principal contains the Gateway.ReadWrite.All & DataSet.ReadWrite.All permission scopes.


In the Api documentation(https://docs.microsoft.com/en-us/rest/api/power-bi/gateways/adddatasourceuser) for Add Gateway DataSource User, the request body contains the following parameters:
datasourceAccessRight
displayName
emailAddress
identifier
principalType

 

Since the Datasource is created using API, the Service Principal already exists as a Datasource User.

I am able to add a normal user also by passing the request as:
{ "emailAddress": "john@contoso.com", "datasourceAccessRight": "Read" }

using the API and Service Principal.

 

I tried to add an AD group by following the sample provided in the documentation for service principal:

{ "identifier": "3d9b93c6-7b6d-4801-a491-1738910904fd", "datasourceAccessRight": "ReadOverrideEffectiveIdentity" }

and made some changes to the request JSON by adding principalType as Group:

{

  "datasourceAccessRight": "Read",

  "identifier": "AD group id",

  "principalType": "Group"

}

 

But I am getting the below error:

{"error":{"code":"DMTS_PrincipalsAreInvalidError","pbi.error":{"code":"DMTS_PrincipalsAreInvalidError","parameters":{},"details":[],"exceptionCulprit":1}}}

Why is this error coming? In this documentation page, it is not mentioned about mailEnabled groups only. Also, the request json was created based on the example provided for Service Principal.

Is there any solution to add an AD group as a Gateway - Datasource User ?

Labels:
Message 1 of 3
706 Views
0
2 REPLIES 2
v-lionel-msft
Community Support
Community Support

‎05-25-2021 10:32 PM

Hi @Anonymous ,

 

We can only add 'Office 365 group‘ and 'Mail-Enabled Security group' to the datasource user, so what's your group type?

 

Best regards,
Lionel Chen

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

Message 2 of 3
658 Views
Anonymous
Not applicable
In response to v-lionel-msft

‎06-11-2021 08:58 AM

Thanks for the response.
The group type is Security group. Since the sample demonstrates adding a SPN as a Datasource user, I think we should be able to add a security group as well.

Message 3 of 3
604 Views
0

Helpful resources

Announcements
July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All