Solved: Re: REST API - DataflowUnauthorizedError - You do ...

chandara · ‎06-21-2024

I'm following this document, https://learn.microsoft.com/en-us/rest/api/power-bi/dataflows/get-dataflow-transactions , t

So, I'm accessing this dataflow transactions endpoint https://api.powerbi.com/v1.0/myorg/groups/{groupId}/dataflows/{dataflowId}/transactions via REST API but recieved

{"error":{"code":"DataflowUnauthorizedError","message":"You do not have permissions to manage this dataflow."}}

I was able to fetch the Dataflow lists level by using https://api.powerbi.com/v1.0/myorg/admin/groups/{groupId}/dataflows instead of https://api.powerbi.com/v1.0/myorg/groups/{groupId}/dataflows because fetching this one got

{'error': {'code': 'DataflowInternalError', 'pbi.error': {...}}}

I used an app credentials which registered in Azure AD, which I asked the admin to enabled required permissions:

Dataflow.Read.All

chandara · ‎06-24-2024

Managed to solve it!

In the question I mentioned that I can't GET https://api.powerbi.com/v1.0/myorg/groups/{groupId}/dataflows from a specific {groupId}, it is because I don't have access to that workspace, somehow I did get that workspace from /admin scope. So when I tried to access https://api.powerbi.com/v1.0/myorg/groups/{groupId}/dataflows/{dataflowId}/transactions it gives me the DataflowUnauthorizedError.

Conclusion, I had to add the registered app to the workspace and have the Data.Flow.Readall scope.

View solution in original post

chandara · ‎06-24-2024

Managed to solve it!

In the question I mentioned that I can't GET https://api.powerbi.com/v1.0/myorg/groups/{groupId}/dataflows from a specific {groupId}, it is because I don't have access to that workspace, somehow I did get that workspace from /admin scope. So when I tried to access https://api.powerbi.com/v1.0/myorg/groups/{groupId}/dataflows/{dataflowId}/transactions it gives me the DataflowUnauthorizedError.

Conclusion, I had to add the registered app to the workspace and have the Data.Flow.Readall scope.

lbendlin · ‎06-21-2024

Check your token at jwt.io - it may be missing the required scope.

chandara · ‎06-23-2024

So just to break down, I request the token with this info

{
        'grant_type': 'client_credentials',
        'login_url': 'https://login.microsoftonline.com/{tenant_guid}/oauth2/v2.0/token',
        'scope': 'https://graph.microsoft.com/.default'
}

I believe the scope is automatically resolve?

chandara · ‎06-23-2024

{
  "aud": "https://analysis.windows.net/powerbi/api",
  "iss": "https://sts.windows.net/[REDACTED]/",
  "iat": 1719196276,
  "nbf": 1719196276,
  "exp": 1719200176,
  "aio": "E2dgYLgrz3f3c6PCxuraFxsVVVftBgA=",
  "appid": "[REDACTED]",
  "appidacr": "1",
  "idp": "https://sts.windows.net/[REDACTED]/",
  "idtyp": "app",
  "oid": "[REDACTED]",
  "rh": "0.ATkAYkkmpb624k-pdnh1y3Dc8QkAAAAAAAAAwAAAAAAAAAA5AAA.",
  "sub": "[REDACTED]",
  "tid": "[REDACTED]",
  "uti": "r-AHRRWExUeLbRCdD1U8AA",
  "ver": "1.0",
  "xms_idrel": "6 7"
}

Thank you for your response, and sorry for getting back late!

Here is the payload from jwt.io, but I don't know which field is referred to scope!

REST API - DataflowUnauthorizedError - You do not have permissions to manage this dataflow

Helpful resources

Power BI Monthly Update - August 2025

Fabric Community Update - August 2025

Join us at FabCon Vienna from September 15-18, 2025

REST API - DataflowUnauthorizedError - You do not have permissions to manage this dataflow

Helpful resources

Power BI Monthly Update - August 2025

Fabric Community Update - August 2025