Hi everyone,
I'm not familiar with Power BI REST APIs. One of our departments is using an Azure App with a service principal. At the moment, they are able to read all objects in our tenant, which is not allowed. So I'm looking for some kind of scoping. The only scoping method I have used so far is the Exchange scoping to specific mailboxes, when the Azure App is using application permissions instead of delegated permissions.
That's how the permissions look at the moment:
Thanks and best regards
Daniel
The permissions in Azure only specify which actions you are able to do. Think about the Azure permissions as tools. You have the tools, but in order to start working you need a desk, or a room. The desk is the permission inside Power BI Service. You can log in in two ways:
- Master user: username and password of the admin or creator of the registered app.
- Service Principal: create a secret key to log in.
For both of them, the API will have the same access as the account or Service Principal. If they are only added to a single workspace, then the API "get_workspaces" will only return ONE workspace.
The only way to effectively get everything is using the admin section of the API, which would require special permissions: Power BI Admin for the master users, and a defined access to the Admin API for the service principal inside a security group. Otherwise the API is restricted to the same permissions you have in the UI. Don't worry about the API getting everywhere; it won't happen if they are not admins.
I hope that makes sense.
Happy to help!
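One way to verify the scoping described in this answer, as an added example that is not part of the original post: list the workspaces the service principal can actually see, compare them with an allowlist of workspace IDs, and check that the admin API refuses the token. The helper names, the allowlist and the sample response are assumptions made for the illustration; the endpoints used are the client-credentials token endpoint, `GET /groups` and `GET /admin/groups`.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

API = "https://api.powerbi.com/v1.0/myorg"
SCOPE = "https://analysis.windows.net/powerbi/api/.default"


def get_token(tenant_id, client_id, client_secret):
    """Client-credentials token for the service principal."""
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": SCOPE}
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    with urllib.request.urlopen(url, urllib.parse.urlencode(form).encode()) as r:
        return json.load(r)["access_token"]


def api_get(token, path):
    """GET a REST API path; return (HTTP status, parsed JSON or None)."""
    req = urllib.request.Request(API + path, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req) as r:
            return r.status, json.load(r)
    except urllib.error.HTTPError as e:
        return e.code, None


def audit_scope(groups, admin_status, allowed_ids):
    """Hypothetical helper: compare visible workspaces with the allowlist."""
    visible = {g["id"].lower(): g["name"] for g in groups.get("value", [])}
    allowed = {a.lower() for a in allowed_ids}
    return {"unexpected": {i: n for i, n in visible.items() if i not in allowed},
            "missing": sorted(allowed - set(visible)),
            "admin_api_open": admin_status == 200}


def run_audit(tenant_id, client_id, client_secret, allowed_ids):
    """Live check (needs network): workspace list plus an admin API probe."""
    token = get_token(tenant_id, client_id, client_secret)
    _, groups = api_get(token, "/groups")
    admin_status, _ = api_get(token, "/admin/groups?$top=1")
    return audit_scope(groups or {}, admin_status, allowed_ids)


# Constructed sample in the shape of a GET /groups response (not real data).
SAMPLE = {"value": [
    {"id": "11111111-1111-1111-1111-111111111111", "name": "Finance Reports"},
    {"id": "22222222-2222-2222-2222-222222222222", "name": "HR Dashboards"}]}
```

An empty `unexpected` result together with `admin_api_open` being false means the principal sees only the workspaces it was added to and cannot reach the tenant-wide admin endpoints.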
Thanks for responding.
The main question is: Is it possible to limit the accessible objects for the Power BI REST API?
I don't want the possibility to access all objects in the tenant, but only a few specific ones.
Hi. I'm not sure what the question is. I can just say that User.Read with Graph would be enough. You can pick the Power BI Service permissions that you need to start using the API.
If you are using a secret, be sure the Tenant Settings under the Admin Portal of Power BI Service have the use of Service Principal enabled.
I hope that helps,
Happy to help!