Check your eligibility for this 50% exam voucher offer and join us for free live learning sessions to get prepared for Exam DP-700.
Get StartedDon't miss out! 2025 Microsoft Fabric Community Conference, March 31 - April 2, Las Vegas, Nevada. Use code MSCUST for a $150 discount. Prices go up February 11th. Register now.
Hello,
I have authorized Contributor access to a specific user in the workspace.
Contributors can delete reports and semantic models uploaded by others.
Is there a way to prevent them from deleting reports or semantic models created by others?
Solved! Go to Solution.
Hi @Lora9999
In Power BI, the default role of a Contributor allows users to perform several tasks, including deleting reports and semantic models (datasets) that were created by others. Unfortunately, there isn't a built-in, granular permission setting specifically for preventing the deletion of reports or datasets created by other users, while still allowing them to manage their own content.
You can check the Microsoft link on Roles in Power BI workspace: - https://learn.microsoft.com/en-us/power-bi/collaborate-share/service-roles-new-workspaces
However, you can implement an alert process which can help here by following the below steps and going through some useful links: -
Step 1: Set Up Power BI Service API Access
First you need to ensure that your application has access to the Power BI Service APIs. This is achieved by registering an application in Azure Active Directory (Azure AD) and granting it necessary permissions.
1.1. Register an Application in Azure AD
1.2. Configure Permissions for Power BI API
1.3. Get Your Client Secret
Step 2: Authenticate and Get Access Token
You need an access token to make requests to the Power BI REST API.
2.1. OAuth 2.0 Authentication
You can authenticate using the client credentials flow in OAuth 2.0. Here’s a sample authentication request using Python:
Python_code
import requests
# Azure AD tenant information
tenant_id = "<tenant_id>"
client_id = "<client_id>"
client_secret = "<client_secret>"
# Authentication URL
url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
# Request headers and body
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
data = {
'grant_type': 'client_credentials',
'client_id': client_id,
'client_secret': client_secret,
'scope': 'https://graph.microsoft.com/.default'
}
# Get access token
response = requests.post(url, headers=headers, data=data)
access_token = response.json().get('access_token')
print(f"Access Token: {access_token}")
Step 3: Monitor Power BI Content Changes
Now that you have the access token, you can use Power BI REST APIs to monitor changes, such as deletions or modifications.
3.1. Retrieve Reports or Datasets
You can use the following APIs to monitor reports and datasets:
Use the GET method to fetch lists of reports or datasets, which you can compare with your previous state to track changes.
3.2. Monitor for Deletions
To track deletions, you can periodically compare the current state of the reports/datasets in your workspace to a saved version (e.g., in a database or file). If a report or dataset is missing in the current state but present in the previous state, it indicates deletion.
Example request to list reports:
Python_code
workspace_id = "<workspace_id>"
url = f"https://api.powerbi.com/v1.0/myorg/groups/{workspace_id}/reports"
headers = {'Content-Type': 'application/json', 'Authorization': f'Bearer {access_token}'}
response = requests.get(url, headers=headers)
reports = response.json()
print(reports)
Step 4: Set Up Notification for Deletion
Once you detect that a report or dataset has been deleted, you can trigger notifications (e.g., via email).
4.1. Send Notification (Example: Email via SMTP)
Here’s an example of sending an email notification when a deletion is detected:
Python_code
import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
# Email credentials
sender_email = "your_email@example.com"
receiver_email = "admin@example.com"
password = "your_email_password"
# Email content
message = MIMEMultipart()
message["From"] = sender_email
message["To"] = receiver_email
message["Subject"] = "Power BI Report Deleted"
body = "A Power BI report was deleted in workspace XYZ. Please review."
message.attach(MIMEText(body, "plain"))
# Send email
server = smtplib.SMTP("smtp.example.com", 587)
server.starttls()
server.login(sender_email, password)
server.sendmail(sender_email, receiver_email, message.as_string())
server.quit()
4.2. Trigger Restore of Deleted Report
You may also want to restore a deleted report. Unfortunately, Power BI does not have a direct "restore" API, but you can manage this by periodically backing up your reports and datasets using the export functionality. When a report is deleted, you can use the saved backup to re-upload it.
Step 5: Automate the Monitoring Process
You can set up a scheduled task or use a cloud function (such as Azure Functions, AWS Lambda) to automate the monitoring process.
For instance, you could use Azure Logic Apps or Power Automate to trigger periodic checks and actions based on changes in your Power BI workspaces.
Useful links:
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @Lora9999
In Power BI, the default role of a Contributor allows users to perform several tasks, including deleting reports and semantic models (datasets) that were created by others. Unfortunately, there isn't a built-in, granular permission setting specifically for preventing the deletion of reports or datasets created by other users, while still allowing them to manage their own content.
You can check the Microsoft link on Roles in Power BI workspace: - https://learn.microsoft.com/en-us/power-bi/collaborate-share/service-roles-new-workspaces
However, you can implement an alert process which can help here by following the below steps and going through some useful links: -
Step 1: Set Up Power BI Service API Access
First you need to ensure that your application has access to the Power BI Service APIs. This is achieved by registering an application in Azure Active Directory (Azure AD) and granting it necessary permissions.
1.1. Register an Application in Azure AD
1.2. Configure Permissions for Power BI API
1.3. Get Your Client Secret
Step 2: Authenticate and Get Access Token
You need an access token to make requests to the Power BI REST API.
2.1. OAuth 2.0 Authentication
You can authenticate using the client credentials flow in OAuth 2.0. Here’s a sample authentication request using Python:
Python_code
import requests
# Azure AD tenant information
tenant_id = "<tenant_id>"
client_id = "<client_id>"
client_secret = "<client_secret>"
# Authentication URL
url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
# Request headers and body
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
data = {
'grant_type': 'client_credentials',
'client_id': client_id,
'client_secret': client_secret,
'scope': 'https://graph.microsoft.com/.default'
}
# Get access token
response = requests.post(url, headers=headers, data=data)
access_token = response.json().get('access_token')
print(f"Access Token: {access_token}")
Step 3: Monitor Power BI Content Changes
Now that you have the access token, you can use Power BI REST APIs to monitor changes, such as deletions or modifications.
3.1. Retrieve Reports or Datasets
You can use the following APIs to monitor reports and datasets:
Use the GET method to fetch lists of reports or datasets, which you can compare with your previous state to track changes.
3.2. Monitor for Deletions
To track deletions, you can periodically compare the current state of the reports/datasets in your workspace to a saved version (e.g., in a database or file). If a report or dataset is missing in the current state but present in the previous state, it indicates deletion.
Example request to list reports:
Python_code
workspace_id = "<workspace_id>"
url = f"https://api.powerbi.com/v1.0/myorg/groups/{workspace_id}/reports"
headers = {'Content-Type': 'application/json', 'Authorization': f'Bearer {access_token}'}
response = requests.get(url, headers=headers)
reports = response.json()
print(reports)
Step 4: Set Up Notification for Deletion
Once you detect that a report or dataset has been deleted, you can trigger notifications (e.g., via email).
4.1. Send Notification (Example: Email via SMTP)
Here’s an example of sending an email notification when a deletion is detected:
Python_code
import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
# Email credentials
sender_email = "your_email@example.com"
receiver_email = "admin@example.com"
password = "your_email_password"
# Email content
message = MIMEMultipart()
message["From"] = sender_email
message["To"] = receiver_email
message["Subject"] = "Power BI Report Deleted"
body = "A Power BI report was deleted in workspace XYZ. Please review."
message.attach(MIMEText(body, "plain"))
# Send email
server = smtplib.SMTP("smtp.example.com", 587)
server.starttls()
server.login(sender_email, password)
server.sendmail(sender_email, receiver_email, message.as_string())
server.quit()
4.2. Trigger Restore of Deleted Report
You may also want to restore a deleted report. Unfortunately, Power BI does not have a direct "restore" API, but you can manage this by periodically backing up your reports and datasets using the export functionality. When a report is deleted, you can use the saved backup to re-upload it.
Step 5: Automate the Monitoring Process
You can set up a scheduled task or use a cloud function (such as Azure Functions, AWS Lambda) to automate the monitoring process.
For instance, you could use Azure Logic Apps or Power Automate to trigger periodic checks and actions based on changes in your Power BI workspaces.
Useful links:
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Thanks for the reply from Pragati11.
Hi @Lora9999 ,
The contributor role does come with deletion permissions to reports, and it is recommended that you choose to assign the viewer role so that you can only only view and interact with reports, dashboards, and other content, but not edit or delete any of it. Or don't assign roles and manage permissions to reports and semantic models.
Best Regards,
Zhu
If there is any post helps, then please consider Accept it as the solution to help the other members find it more quickly.
HI @Lora9999 ,
Unfortunately, Contributor access on a workspace gives them power to delete or update items within the workspace.
You can read more about workspace roles here:
https://learn.microsoft.com/en-us/power-bi/collaborate-share/service-roles-new-workspaces
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!
Check out the January 2025 Power BI update to learn about new features in Reporting, Modeling, and Data Connectivity.
User | Count |
---|---|
21 | |
16 | |
12 | |
10 | |
8 |
User | Count |
---|---|
33 | |
26 | |
19 | |
16 | |
16 |