All the Dataset APIs are giving a forbidden error when hit through a service principal.
The service principal app has Tenant.ReadWrite.All access, but it's still not accessible. I'd appreciate any lead in making the Dataset and Gateway APIs work through a service principal.
Fixed my problem by using RefreshDatasetInGroupAsync (must be the one that has both the group {workspace} and dataset ID)
Did you ever find a solution? Having the same problem, service principal can do other things like get the workspaces, datasets, etc. but I'm getting "Forbidden" when using Datasets.RefreshDataset (or the async version).
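The difference between the two calls named in the posts above, shown at the REST URL level as an added example that is not part of the original thread. It assumes the standard `api.powerbi.com/v1.0/myorg` routes and relies on the documented limitation that a service principal cannot use "My workspace"; the helper names and all IDs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Path shapes of Power BI REST dataset operations (IDs below are constructed).
_MY_WORKSPACE = re.compile(r"^/v1\.0/myorg/datasets/(?P<rest>.+)$", re.I)
_GROUP = re.compile(
    r"^/v1\.0/myorg/groups/(?P<group>[0-9a-f-]{36})/datasets/(?P<rest>.+)$", re.I)

def scope_of(url: str) -> str:
    """Return 'group', 'my-workspace' or 'other' for a Power BI REST URL."""
    path = urlsplit(url).path
    if _GROUP.match(path):
        return "group"
    if _MY_WORKSPACE.match(path):
        return "my-workspace"
    return "other"

def to_group_scoped(url: str, group_id: str) -> str:
    """Rewrite a 'My workspace' dataset URL to its In Group form."""
    parts = urlsplit(url)
    m = _MY_WORKSPACE.match(parts.path)
    if not m:
        return url  # already group-scoped, or not a dataset call
    path = f"/v1.0/myorg/groups/{group_id}/datasets/{m['rest']}"
    return urlunsplit(parts._replace(path=path))

def triage_403(url, group_id, sp_in_workspace, tenant_setting_on):
    """Checks raised in this thread for a service principal that got 403."""
    findings = []
    if not tenant_setting_on:
        findings.append("tenant setting for service principal API use is off")
    if scope_of(url) == "my-workspace":
        # RefreshDataset (no group) resolves against the caller's My workspace.
        findings.append("use In Group form: " + to_group_scoped(url, group_id))
    if not sp_in_workspace:
        findings.append("service principal is not added to the workspace")
    return findings

if __name__ == "__main__":
    GROUP = "11111111-2222-3333-4444-555555555555"    # constructed workspace ID
    DATASET = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed dataset ID
    failing = f"https://api.powerbi.com/v1.0/myorg/datasets/{DATASET}/refreshes"
    for finding in triage_403(failing, GROUP, sp_in_workspace=True,
                              tenant_setting_on=True):
        print(finding)
```
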
Hi, @nishanttayal
As far as I know, the 403 error code is usually caused by insufficient permissions or by the server prohibiting the requested operation. If your service principal already has sufficient permissions (Tenant.readwrite), then I think the only place left to check is the admin portal: you need to work with your tenant administrator to confirm that these two options in your Power BI tenant's admin portal, which allow the service principal to use the Power BI API, are turned on:
Thank you for your time and sharing, and thank you for your support and understanding of PowerBI!
Best Regards,
Aniya Zhang
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly
Is read-only Admin API access mandatory to access the Dataset and Gateway REST APIs? This service principal does have access to the Power BI REST APIs, as you showed in the snapshot. But I really doubt I would be able to allow this service principal for the read-only Admin APIs.
No, it's not. The read-only Admin API setting is only for the admin requests in the doc. Those requests are intended to get massive artifacts over the tenant. However, if you just want to use get datasets from group from the datasets category, you don't need admin permissions; you just need the ones I told you before. The request will only work if the registered app is added to the workspace like any other user. The requests work with the artifacts the login has access to, so they will work with things the registered app has access to.
If you have already assigned read/write for datasets, groups and tenant, then you just need to add the registered app to the workspace you want to return.
I hope that helps,
Happy to help!
Hi, @nishanttayal
As you describe today, you want to use your service principal to access all the Dataset and Gateway rest APIs, right? If that's the case, I don't think granting this service principal a simple "Tenant.readwrite" permission will perform all API operations, for example, the prerequisite for this Datasets - Get Dataset In Group is Dataset.ReadWrite.All or Dataset.Read.All, not the Tenant.readwrite you granted.
Datasets - Get Dataset In Group - REST API (Power BI Power BI REST APIs) | Microsoft Learn
I don't think the read-only admin API option in the tenant's admin portal is enough, as you said, to use all the Dataset and Gateway REST APIs. For example, the Datasets - Cancel Refresh In Group API requires write permission, so I think having the few service principal-related permission options in the tenant admin portal turned on is the most secure choice.
Thank you for your time and sharing, and thank you for your support and understanding of PowerBI!
Best Regards,
Aniya Zhang
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly
Hi. Let's see. Is the service principal an admin on the workspace of the datasets? Have you turned on the option to allow service principals to use the REST API (a setting in the admin portal under tenant settings)?
If all that is correct and you still get the 403 forbidden, try adding Dataset.ReadWrite.All, because I'm not sure that just adding tenant means you can do it all. Also, the tenant permission should be consented to by an admin; otherwise it won't allow anything.
I hope that helps,
Happy to help!
Hey,
Yes, this service principal is allowed for the Power BI REST APIs. And it also has Dataset.ReadWrite.All access on the Azure app.
Yes, my tenant permission is approved by an admin and I am able to use other APIs like uploading a report, getting the export of a report, and creating new groups/workspaces.
The only thing I am struggling to make work is the Dataset & Gateway APIs.