Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Power BI is turning 10! Let’s celebrate together with dataviz contests, interactive sessions, and giveaways. Register now.

Reply
starget
New Member

Only group admin can embed group content

‎02-06-2018 10:37 AM

(repost of a question I posted in the "Service" forum, but this seems like a more appropriate place)

I am trying to use the "GenerateToken" endpoint that is part of the PowerBI REST API. This endpoint generates an embed token that I want to use to embed reports in an internal application.

I am following the "User Owns Data" auth paradigm. So I am first getting an access token from Azure AD on behalf of a user, then trying to use that access token to authorize a call to the "GenerateToken" endpoint.

I can get a valid access token. But I'm encountering an error (only for one person on my team!) when I try to generate an embed token. I get the following response:

HTTP/1.1 403 Forbidden
Cache-Control: no-store, must-revalidate, no-cache
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: deny
X-Content-Type-Options: nosniff
RequestId: abdb226d-9e2c-4840-960f-0313c4386512
Date: Tue, 06 Feb 2018 17:56:36 GMT

{"error":{"code":"InvalidRequest","message":"Only group admin can embed group content"}}

But everyone on my team is already listed as an admin in the "Edit Workspace" tab of PowerBI, including this particular user. So why does this work for everyone except this one person? Is there another group system somewhere that I'm not aware of?

Labels:
Message 1 of 4
4,364 Views
0
1 ACCEPTED SOLUTION
madia
Microsoft Employee
Microsoft Employee

‎02-07-2018 05:08 AM

permissions could take some time to be updated in power BI, please ask the user to ligin to power BI and verify he can see him self as an admin.

 

if you are intrested in "User Owns Data" then the users of your application is not required to generate tokens.

the generate token API is for "App Owns Data". if the app users are power bi users then it seems you indeed need "User Owns Data", you should use the AAD access token to do the embedding.

 

for sample, please refer to: https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data

View solution in original post

Message 3 of 4
5,185 Views
0
3 REPLIES 3
madia
Microsoft Employee
Microsoft Employee

‎02-07-2018 05:08 AM

permissions could take some time to be updated in power BI, please ask the user to ligin to power BI and verify he can see him self as an admin.

 

if you are intrested in "User Owns Data" then the users of your application is not required to generate tokens.

the generate token API is for "App Owns Data". if the app users are power bi users then it seems you indeed need "User Owns Data", you should use the AAD access token to do the embedding.

 

for sample, please refer to: https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data

Message 3 of 4
5,186 Views
0
starget
New Member
In response to madia

‎02-07-2018 11:10 AM

Thank you. I'm not sure if it was simply a matter of waiting or cutting out the redundant "GenerateToken" step. But either way, the embed now works for this particular user.

Message 4 of 4
4,346 Views
0
starget
New Member

‎02-06-2018 10:09 AM

I am trying to use the "GenerateToken" endpoint that is part of the PowerBI REST API. This endpoint generates an embed token that I want to use to embed reports in an internal application.

I am following the "User Owns Data" auth paradigm. So I am first getting an access token from Azure AD on behalf of a user, then trying to use that access token to authorize a call to the "GenerateToken" endpoint.

I can get a valid access token. But I'm encountering an error (only for one person on my team!) when I try to generate an embed token. I get the following response:

HTTP/1.1 403 Forbidden
Cache-Control: no-store, must-revalidate, no-cache
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: deny
X-Content-Type-Options: nosniff
RequestId: abdb226d-9e2c-4840-960f-0313c4386512
Date: Tue, 06 Feb 2018 17:56:36 GMT

{"error":{"code":"InvalidRequest","message":"Only group admin can embed group content"}}

But everyone on my team is already listed as an admin in the "Edit Workspace" tab of PowerBI, including this particular user. So why does this work for everyone except this one person? Is there another group system somewhere that I'm not aware of?

Message 2 of 4
4,372 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All