Hi everyone,
I'm not familiar with Power BI REST APIs. One of our departments is using an Azure App with a service principal. At the moment, they are able to read all objects in our tenant, which is not allowed. So I'm looking for some kind of scoping. The only scoping method I have used so far is the Exchange scoping to specific mailboxes, when the Azure App is using application permissions instead of delegated permissions.
This is what the permissions look like at the moment:
Thanks and best regards
Daniel
The permissions in Azure will only specify which actions you are able to do. Think about the Azure permissions as tools. You have the tools, but in order to start working you need a desk, or a room. The desk is the permission inside Power BI Service. You can log in in two ways:
- Master user: username and password of the admin or creator of the registered app.
- Service Principal: create a secret key to log in.
For both of them, the API will have the same access as the account or Service Principal. If they are only added to a single workspace, then the API "get_workspaces" will only return ONE workspace.
The only way to effectively get everything is using the admin section of the API, which would require special permissions: Power BI Admin for the master users, and a defined access to the Admin API for the service principal inside a security group. Otherwise the API is restricted to the same permissions you have in the UI. Don't worry about the API getting everywhere; it won't happen if they are not admins.
I hope that makes sense.
Happy to help!
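
The scoping described in the answer above can be checked from the service principal's own point of view. The following is an added example, not code from the original thread or from Microsoft: it lists the workspaces the principal can see through the REST "Get Groups" call, compares them with an allow-list, and confirms that the Admin API refuses the token. The environment variable names and the allow-list are assumptions of this example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API = "https://api.powerbi.com/v1.0/myorg"
SCOPE = "https://analysis.windows.net/powerbi/api/.default"


def get_token(tenant_id, client_id, client_secret):
    """Client-credentials token for the service principal (needs network)."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": SCOPE}).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=form)) as r:
        return json.load(r)["access_token"]


def http_get(url, token):
    """GET with a bearer token; returns (status, JSON or None) on HTTP errors."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req) as r:
            return r.status, json.load(r)
    except urllib.error.HTTPError as e:
        return e.code, None


def audit_scope(token, allowed_ids, get=http_get):
    """Compare what the principal can reach with the allow-list of workspace IDs."""
    status, data = get(f"{API}/groups", token)
    if status != 200:
        raise RuntimeError(f"Get Groups failed with HTTP {status}")
    visible = {g["id"].lower(): g.get("name", "") for g in data["value"]}
    allowed = {a.strip().lower() for a in allowed_ids}
    # Admin API should be refused unless the principal was deliberately granted it.
    admin_status, _ = get(f"{API}/admin/groups?$top=1", token)
    return {
        "unexpected": {i: n for i, n in visible.items() if i not in allowed},
        "missing": sorted(allowed - set(visible)),
        "admin_api_open": admin_status == 200,
    }


if __name__ == "__main__":
    import os  # env var names below are assumptions of this example
    tok = get_token(*(os.environ[k] for k in ("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET")))
    print(json.dumps(audit_scope(tok, os.environ["ALLOWED_WORKSPACES"].split(",")), indent=2))
```

A non-empty `unexpected` map or `admin_api_open: true` means the principal has been added to more workspaces, or to the Admin API security group, than intended.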
Thanks for responding.
The main question is: is it possible to limit the accessible objects for the Power BI REST API?
I don't want the possibility to access all objects in the tenant, but only a few specific ones.
Hi. I'm not sure what the question is. I can just say that User.Read with Graph would be enough. You can pick the Power BI Service permissions that you need to start using the API.
If you are using a secret, be sure the Tenant Settings under Admin Portal of Power BI Service have the use of Service Principal enabled.
I hope that helps,
Happy to help!