Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get inspired! Check out the entries from the Power BI DataViz World Championships preliminary rounds and give kudos to your favorites. View the vizzies.

Reply
trebllaw
Frequent Visitor

Embed from a shared capacity workspace not working

‎04-12-2024 11:07 AM

So here is the our scenario at our company:

  1. One of our reporting development team has a process that calls a report programmatically using the workspace id and report id and embeds it on one of our internal websites.
  2. They are using an Azure Application using the client id and secret method to authenticate
  3. A security group which has the Azure Application as a member of is added to workspaces where they plan to pull the report from.

From what they are saying, it was working previously for workspaces on the shared capacity (no issues for workspaces in the premium capacity). Now they are receiving "Operation returned and invalid status code 'Forbidden'"

 

Does anyone know what changed? I havent, as the Power BI Administrator, changed anything on the Tenant settings.

Labels:
Message 1 of 3
221 Views
0
2 REPLIES 2
v-yohua-msft
Community Support
Community Support

‎04-14-2024 06:54 PM

Hi, @trebllaw 

Another key aspect to check is the permissions assigned to Azure applications in Microsoft Entra. Ensure that the application has the required permissions to access Power BI content and hasn't made any changes that could affect its access. For more information about setting up Azure application permissions for Power BI, you can refer to the following documentation:

Enable service principal authentication for read-only admin APIs - Power BI | Microsoft Learn

 

How to Get Your Question Answered Quickly 

Best Regards

Yongkang Hua

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 3 of 3
147 Views
0
AnalyticsWizard
Super User
Super User

‎04-12-2024 12:27 PM

@trebllaw 

The issue you're experiencing with the "Forbidden" status code when attempting to access reports programmatically suggests that there might be a permissions or configuration problem, especially as it pertains to workspaces on shared capacities. Here are some steps and considerations that can help you troubleshoot and potentially resolve this issue:

 

1. **Check Workspace Access**: Verify that the Azure application (service principal) still has access to the workspaces in question. Even though you mentioned that a security group with the Azure application as a member is added to these workspaces, it's good to double-check the current access rights directly in the workspace settings.

 

2. **Examine Service Principal Permissions**: Ensure that the service principal associated with the Azure application has the appropriate API permissions set in Azure AD. It should have the necessary permissions to view and interact with Power BI workspaces and datasets. You might need to review and perhaps re-consent to the API permissions if they were modified or if policies governing these permissions changed.

 

3. **Tenant Settings Review**: Although you noted that no changes were made to the Tenant settings, it's beneficial to review them to ensure that nothing was altered inadvertently that could impact service principals. Look specifically at settings under "Admin Portal" > "Tenant settings" related to developer settings and service principal usage.

 

4. **Review Azure AD Group Membership**: Confirm that the security group (that includes the Azure application) has not been modified or removed accidentally from the workspace access list in Power BI.

 

5. **License and Capacity Issues**: Shared capacity and Premium capacity have different characteristics regarding API access and concurrent usage limits. Ensure that the limits imposed by the shared capacity are not being exceeded, which could potentially lead to access issues.

 

6. **Audit Logs and Error Messages**: Check the audit logs in both Azure AD and Power BI for any additional

information about the denied access attempts. These logs can provide clues about what might be going wrong.

 

7. **Authentication and Token Acquisition**: Verify that the authentication process and token acquisition steps are functioning as expected. Ensure that the client ID and secret used for the Azure application are current and have not expired.

 

8. **Network and Security Changes**: Consider if there have been any network or security policy changes in your organization that might affect communication between your internal website and the Power BI service.

If these steps do not resolve the issue, you might need to reach out to Microsoft Support for a deeper investigation into this problem, especially to understand if there have been any changes in how shared capacities handle service principal access.

 

If this post helps, please consider Accepting it as the solution to help the other members find it more quickly.
Appreciate your Kudo 👍

Message 2 of 3
195 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

FebPBI_Carousel

Power BI Monthly Update - February 2025

Check out the February 2025 Power BI update to learn about new features.

Feb2025 NL Carousel

Fabric Community Update - February 2025

Find out what's new and trending in the Fabric community.

View All