Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
starget
New Member

Only group admin can embed group content

(repost of a question I posted in the "Service" forum, but this seems like a more appropriate place)

I am trying to use the "GenerateToken" endpoint that is part of the PowerBI REST API. This endpoint generates an embed token that I want to use to embed reports in an internal application.

I am following the "User Owns Data" auth paradigm. So I am first getting an access token from Azure AD on behalf of a user, then trying to use that access token to authorize a call to the "GenerateToken" endpoint.

I can get a valid access token. But I'm encountering an error (only for one person on my team!) when I try to generate an embed token. I get the following response:

HTTP/1.1 403 Forbidden
Cache-Control: no-store, must-revalidate, no-cache
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: deny
X-Content-Type-Options: nosniff
RequestId: abdb226d-9e2c-4840-960f-0313c4386512
Date: Tue, 06 Feb 2018 17:56:36 GMT

{"error":{"code":"InvalidRequest","message":"Only group admin can embed group content"}}

But everyone on my team is already listed as an admin in the "Edit Workspace" tab of PowerBI, including this particular user. So why does this work for everyone except this one person? Is there another group system somewhere that I'm not aware of?

1 ACCEPTED SOLUTION
madia
Microsoft Employee
Microsoft Employee

permissions could take some time to be updated in power BI, please ask the user to ligin to power BI and verify he can see him self as an admin.

 

if you are intrested in "User Owns Data" then the users of your application is not required to generate tokens.

the generate token API is for "App Owns Data". if the app users are power bi users then it seems you indeed need "User Owns Data", you should use the AAD access token to do the embedding.

 

for sample, please refer to: https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data

View solution in original post

3 REPLIES 3
madia
Microsoft Employee
Microsoft Employee

permissions could take some time to be updated in power BI, please ask the user to ligin to power BI and verify he can see him self as an admin.

 

if you are intrested in "User Owns Data" then the users of your application is not required to generate tokens.

the generate token API is for "App Owns Data". if the app users are power bi users then it seems you indeed need "User Owns Data", you should use the AAD access token to do the embedding.

 

for sample, please refer to: https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data

Thank you. I'm not sure if it was simply a matter of waiting or cutting out the redundant "GenerateToken" step. But either way, the embed now works for this particular user.

starget
New Member

I am trying to use the "GenerateToken" endpoint that is part of the PowerBI REST API. This endpoint generates an embed token that I want to use to embed reports in an internal application.

I am following the "User Owns Data" auth paradigm. So I am first getting an access token from Azure AD on behalf of a user, then trying to use that access token to authorize a call to the "GenerateToken" endpoint.

I can get a valid access token. But I'm encountering an error (only for one person on my team!) when I try to generate an embed token. I get the following response:

HTTP/1.1 403 Forbidden
Cache-Control: no-store, must-revalidate, no-cache
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: deny
X-Content-Type-Options: nosniff
RequestId: abdb226d-9e2c-4840-960f-0313c4386512
Date: Tue, 06 Feb 2018 17:56:36 GMT

{"error":{"code":"InvalidRequest","message":"Only group admin can embed group content"}}

But everyone on my team is already listed as an admin in the "Edit Workspace" tab of PowerBI, including this particular user. So why does this work for everyone except this one person? Is there another group system somewhere that I'm not aware of?

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

Top Solution Authors