Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

The ultimate Microsoft Fabric, Power BI, Azure AI & SQL learning event! Join us in Las Vegas from March 26-28, 2024. Use code MSCUST for a $100 discount. Register Now

Reply
starget
New Member

Only group admin can embed group content

(repost of a question I posted in the "Service" forum, but this seems like a more appropriate place)

I am trying to use the "GenerateToken" endpoint that is part of the PowerBI REST API. This endpoint generates an embed token that I want to use to embed reports in an internal application.

I am following the "User Owns Data" auth paradigm. So I am first getting an access token from Azure AD on behalf of a user, then trying to use that access token to authorize a call to the "GenerateToken" endpoint.

I can get a valid access token. But I'm encountering an error (only for one person on my team!) when I try to generate an embed token. I get the following response:

HTTP/1.1 403 Forbidden
Cache-Control: no-store, must-revalidate, no-cache
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: deny
X-Content-Type-Options: nosniff
RequestId: abdb226d-9e2c-4840-960f-0313c4386512
Date: Tue, 06 Feb 2018 17:56:36 GMT

{"error":{"code":"InvalidRequest","message":"Only group admin can embed group content"}}

But everyone on my team is already listed as an admin in the "Edit Workspace" tab of PowerBI, including this particular user. So why does this work for everyone except this one person? Is there another group system somewhere that I'm not aware of?

1 ACCEPTED SOLUTION
madia
Employee
Employee

permissions could take some time to be updated in power BI, please ask the user to ligin to power BI and verify he can see him self as an admin.

 

if you are intrested in "User Owns Data" then the users of your application is not required to generate tokens.

the generate token API is for "App Owns Data". if the app users are power bi users then it seems you indeed need "User Owns Data", you should use the AAD access token to do the embedding.

 

for sample, please refer to: https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data

View solution in original post

3 REPLIES 3
madia
Employee
Employee

permissions could take some time to be updated in power BI, please ask the user to ligin to power BI and verify he can see him self as an admin.

 

if you are intrested in "User Owns Data" then the users of your application is not required to generate tokens.

the generate token API is for "App Owns Data". if the app users are power bi users then it seems you indeed need "User Owns Data", you should use the AAD access token to do the embedding.

 

for sample, please refer to: https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data

Thank you. I'm not sure if it was simply a matter of waiting or cutting out the redundant "GenerateToken" step. But either way, the embed now works for this particular user.

starget
New Member

I am trying to use the "GenerateToken" endpoint that is part of the PowerBI REST API. This endpoint generates an embed token that I want to use to embed reports in an internal application.

I am following the "User Owns Data" auth paradigm. So I am first getting an access token from Azure AD on behalf of a user, then trying to use that access token to authorize a call to the "GenerateToken" endpoint.

I can get a valid access token. But I'm encountering an error (only for one person on my team!) when I try to generate an embed token. I get the following response:

HTTP/1.1 403 Forbidden
Cache-Control: no-store, must-revalidate, no-cache
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: deny
X-Content-Type-Options: nosniff
RequestId: abdb226d-9e2c-4840-960f-0313c4386512
Date: Tue, 06 Feb 2018 17:56:36 GMT

{"error":{"code":"InvalidRequest","message":"Only group admin can embed group content"}}

But everyone on my team is already listed as an admin in the "Edit Workspace" tab of PowerBI, including this particular user. So why does this work for everyone except this one person? Is there another group system somewhere that I'm not aware of?

Helpful resources

Announcements
Fabric Community Conference

Microsoft Fabric Community Conference

Join us at our first-ever Microsoft Fabric Community Conference, March 26-28, 2024 in Las Vegas with 100+ sessions by community experts and Microsoft engineering.

February 2024 Update Carousel

Power BI Monthly Update - February 2024

Check out the February 2024 Power BI update to learn about new features.

Fabric Career Hub

Microsoft Fabric Career Hub

Explore career paths and learn resources in Fabric.

Fabric Partner Community

Microsoft Fabric Partner Community

Engage with the Fabric engineering team, hear of product updates, business opportunities, and resources in the Fabric Partner Community.