Starting December 3, join live sessions with database experts and the Microsoft product team to learn just how easy it is to get started
Learn moreGet certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now
I need to get a list of all the Gateway clusters that is available in power bi portal. I went through the Rest Apis documentation(https://docs.microsoft.com/en-us/rest/api/power-bi/gateways/getgateway) and found that this API requires gateway admin permissions. I am using a Service Principal and have the permissions scope Gateway.ReadWrite.All & DataSet.ReadWrite.All set.
From the Power Bi portal, it is not possible to add a Service Principal as a gateway admin. I tried the following steps and not able to succeed:
On further analysis, found the powershell cmdlet DataGateway. Using this cmdlet, I am able to create a new gateway cluster with Service Principal as an admin and this gateway cluster is getting listed in the Get Gateways api.
But, I am not able to add the Service Principal as an admin to existing gateways using this powershell cmdlets also.
Is this the only possible solution to add a Service Principal as an admin to a Gateway Cluster ?
Is there any option to add Service Principal as an admin user to an existing Gateway Cluster using this powershell script ?
Do we have any API to add the Service Principal as an admin to the existing Gateway Cluster ?
Solved! Go to Solution.
Hi @Anonymous ,
Within the Power BI Admin portal, we need to ensure that our Tenant settings allow service principals to use Power BI APIs. In addition, you can restrict access to the APIs through security groups.
For more details,please refer to:
https://www.serverlessnotes.com/docs/list-gateways-power-bi-rest-api
Best Regards,
Liang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
The unique solution : via powershell & api run
It's Impossible to add manually a AAD Service Principal to a gateway (As admin for example , to be used on python & pbi gateway apis)
But it can be done via Powershell
Hi
On my opinion , for aleady existing on prem. gataways , ADD the Service principal as gateway Admin
<-- run via powershell only
https://blog.jpries.com/2021/11/25/adding-a-non-email-enabled-object-to-power-bi-gateway-cluster-use...
No chance for me via anothers methods ... but I get your opinions
On python call gateways inventory API via this SP connection
Hi
It's Impossible to add manually a AAD SP to a gateway (As admin for example)
But it can be done via Powershell
did you manage to find a solution to adding a Service principal to an existing gateway on PBI?
Hi @Anonymous ,
Within the Power BI Admin portal, we need to ensure that our Tenant settings allow service principals to use Power BI APIs. In addition, you can restrict access to the APIs through security groups.
For more details,please refer to:
https://www.serverlessnotes.com/docs/list-gateways-power-bi-rest-api
Best Regards,
Liang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @sreejiths,
I hope this topic is not stale for you.*
1- As advised in the documentation, add your Service Principal to a Security Group
2- Then go to the Power Platform Admin Portal > Data section and add this Security Group to your Gateway's Admins
Your Service Principal will then have access to the gateway.
Hope this helps !
Franck
Thanks for the reponse. The tenant level developer settings for using SPN are already given and as I mentioned in the above description, I was able to list the gateways that are created using the Powershell cmdlet. My concern is regarding adding the SPN as an admin to the the gateways that exists already.
I am also having this problem, my SP is in a security group ,I have added the security group as admin on all the gateways, I have this security group allowed to use all the APIs in Power BI tenant settings.
Still, the SP call to api.powerbi.com/v1.0/myorg/gateways returns an empty list.
The SP is able to call all other API endpoints I have tried without a problem.
@duncanmi I am having the same issue. Is this something you where able to resolve?
I've just made it work!! I removed the Service Principal Security Group from the Gateway and re-added it.
The only difference this time was I added it as an Admin at the first instance, my previous attempt I initially added the Security Group as a Content Creator then later switched it to Admin. Might help someone.
Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
User | Count |
---|---|
4 | |
2 | |
2 | |
2 | |
1 |