Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes! Register now.

Reply
starget
New Member

Only group admin can embed group content

‎02-06-2018 10:37 AM

(repost of a question I posted in the "Service" forum, but this seems like a more appropriate place)

I am trying to use the "GenerateToken" endpoint that is part of the PowerBI REST API. This endpoint generates an embed token that I want to use to embed reports in an internal application.

I am following the "User Owns Data" auth paradigm. So I am first getting an access token from Azure AD on behalf of a user, then trying to use that access token to authorize a call to the "GenerateToken" endpoint.

I can get a valid access token. But I'm encountering an error (only for one person on my team!) when I try to generate an embed token. I get the following response:

HTTP/1.1 403 Forbidden
Cache-Control: no-store, must-revalidate, no-cache
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: deny
X-Content-Type-Options: nosniff
RequestId: abdb226d-9e2c-4840-960f-0313c4386512
Date: Tue, 06 Feb 2018 17:56:36 GMT

{"error":{"code":"InvalidRequest","message":"Only group admin can embed group content"}}

But everyone on my team is already listed as an admin in the "Edit Workspace" tab of PowerBI, including this particular user. So why does this work for everyone except this one person? Is there another group system somewhere that I'm not aware of?

Labels:
Message 1 of 4
4,575 Views
0
1 ACCEPTED SOLUTION
madia
Microsoft Employee
Microsoft Employee

‎02-07-2018 05:08 AM

permissions could take some time to be updated in power BI, please ask the user to ligin to power BI and verify he can see him self as an admin.

 

if you are intrested in "User Owns Data" then the users of your application is not required to generate tokens.

the generate token API is for "App Owns Data". if the app users are power bi users then it seems you indeed need "User Owns Data", you should use the AAD access token to do the embedding.

 

for sample, please refer to: https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data

View solution in original post

Message 3 of 4
5,396 Views
0
3 REPLIES 3
madia
Microsoft Employee
Microsoft Employee

‎02-07-2018 05:08 AM

permissions could take some time to be updated in power BI, please ask the user to ligin to power BI and verify he can see him self as an admin.

 

if you are intrested in "User Owns Data" then the users of your application is not required to generate tokens.

the generate token API is for "App Owns Data". if the app users are power bi users then it seems you indeed need "User Owns Data", you should use the AAD access token to do the embedding.

 

for sample, please refer to: https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data

Message 3 of 4
5,397 Views
0
starget
New Member
In response to madia

‎02-07-2018 11:10 AM

Thank you. I'm not sure if it was simply a matter of waiting or cutting out the redundant "GenerateToken" step. But either way, the embed now works for this particular user.

Message 4 of 4
4,557 Views
0
starget
New Member

‎02-06-2018 10:09 AM

I am trying to use the "GenerateToken" endpoint that is part of the PowerBI REST API. This endpoint generates an embed token that I want to use to embed reports in an internal application.

I am following the "User Owns Data" auth paradigm. So I am first getting an access token from Azure AD on behalf of a user, then trying to use that access token to authorize a call to the "GenerateToken" endpoint.

I can get a valid access token. But I'm encountering an error (only for one person on my team!) when I try to generate an embed token. I get the following response:

HTTP/1.1 403 Forbidden
Cache-Control: no-store, must-revalidate, no-cache
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: deny
X-Content-Type-Options: nosniff
RequestId: abdb226d-9e2c-4840-960f-0313c4386512
Date: Tue, 06 Feb 2018 17:56:36 GMT

{"error":{"code":"InvalidRequest","message":"Only group admin can embed group content"}}

But everyone on my team is already listed as an admin in the "Edit Workspace" tab of PowerBI, including this particular user. So why does this work for everyone except this one person? Is there another group system somewhere that I'm not aware of?

Message 2 of 4
4,583 Views
0

Helpful resources

Announcements
September Power BI Update Carousel

Power BI Monthly Update - September 2025

Check out the September 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All