Ian_Altis
Advocate III

Deployment Pipeline permissions

I want to be able to assign Contributors the ability to deploy to PROD but not to create the App. The idea is to use the PROD Workspace as Pre-Prod and the App as PROD.

Is this possible?

Thanks,

Ian

1 ACCEPTED SOLUTION
ibarrau
Super User

Hi. That's not possible. The role for deploying and for upgrading the app is the same. I don't think there is a role to only deploy and not upgrade. You can check the permissions in the following docs:
- Deployment pipelines: https://learn.microsoft.com/en-us/power-bi/create-reports/deployment-pipelines-process#permissions-t...

- Workspaces: https://learn.microsoft.com/en-us/power-bi/collaborate-share/service-roles-new-workspaces#workspace-...

As an alternative, you could create a script to deploy with a Service Principal using the Power BI REST API. Give the Contributor permission to run the script. You could use runbooks, Azure Functions or even something local with the secrets hidden. That way the Contributor can't update the app, but they can deploy with the script. You can check the request here:

https://learn.microsoft.com/en-us/rest/api/power-bi/pipelines/selective-deploy

There are cmdlets for PowerShell or libraries for Python like SimplePBI.

I hope that helps,

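The alternative described in the answer, sketched as an added example (not code from the original post or from Microsoft): a wrapper around the Pipelines selective-deploy request that runs as the service principal, accepts only item types and ids from the caller, and always sends `updateAppInTargetWorkspace` as false. The `PBI_*` environment variable names, the allowed item types and the function names are assumptions, and the service principal must already have access to the pipeline and its workspaces.

```python
import json
import os
import re
import urllib.parse
import urllib.request

API = "https://api.powerbi.com/v1.0/myorg"
SCOPE = "https://analysis.windows.net/powerbi/api/.default"
ALLOWED_TYPES = {"datasets", "reports", "dashboards"}  # assumption: local policy
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
SOURCE_STAGE_TEST = 1  # 0 = Development, 1 = Test; deploys into the next stage

def build_deploy_body(items):
    """Build the request body from (type, id) pairs. Callers never pass raw
    JSON, so the app-update flag and the source stage stay pinned here."""
    if not items:
        raise ValueError("nothing to deploy")
    body = {
        "sourceStageOrder": SOURCE_STAGE_TEST,
        "updateAppSettings": {"updateAppInTargetWorkspace": False},
        "options": {"allowCreateArtifact": True, "allowOverwriteArtifact": True},
    }
    for kind, source_id in items:
        if kind not in ALLOWED_TYPES:
            raise ValueError(f"item type not permitted: {kind!r}")
        if not GUID.fullmatch(source_id):
            raise ValueError(f"not a GUID: {source_id!r}")
        body.setdefault(kind, []).append({"sourceId": source_id})
    return body

def get_token(tenant, client_id, client_secret):
    """Client-credentials token for the service principal."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "scope": SCOPE,
        "client_id": client_id, "client_secret": client_secret}).encode()
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    with urllib.request.urlopen(url, data=form) as resp:
        return json.load(resp)["access_token"]

def deploy(items):
    """Entry point for the runbook or function; secrets and pipeline id come from its environment."""
    body = build_deploy_body(items)  # validate before touching any secret
    env = os.environ
    token = get_token(env["PBI_TENANT_ID"], env["PBI_CLIENT_ID"], env["PBI_CLIENT_SECRET"])
    req = urllib.request.Request(
        f"{API}/pipelines/{env['PBI_PIPELINE_ID']}/deploy",
        data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status  # 202 when the deployment is accepted
```

The restriction holds only while Contributors can invoke `deploy` but cannot read the runbook's or function's secrets or edit its code, so access to that host needs the same review as the workspace roles.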

2 REPLIES
Many thanks, I had read the articles and that is what I thought but I appreciate the confirmation.

The other solution you have proposed will undoubtedly work but will add cost & complexity methinks. I think the interim solution is to give them Member access and trust them not to update the App.

I will add this as an idea too.
