Join us for an expert-led overview of the tools and concepts you'll need to pass exam PL-300. The first session starts on June 11th. See you there!
Get registeredPower BI is turning 10! Let’s celebrate together with dataviz contests, interactive sessions, and giveaways. Register now.
Hello there,
In my application I want to implement an automated Power BI Refresh via Rest API. Due to the tenant settings it is only possible to select "Read / Write all" when allowing API access on tenant level (see image below).
My questions are:
1. How does Power BI handle access permissions on workspaces, datasets and reports? Is it handled via common permissions on workspaces etc.?
2. When I have access to the Power BI, can I see or list all reports within the whole tenant or am I prevented of doing that?
Thanks a lot
Simon
Solved! Go to Solution.
@simsta You can set workspace level permissions via Admin, Member or Contributor roles and that gives you access to every item of content in that workspace. Viewer allows read access to every item in the workspace. Or you can set individual permissions on specific items within the workspace. If you have the Fabric Admin role within Azure AD, you have access to everything and can use the REST API to list out every workspace and items within those workspaces
1. Yes, I have created a security group and putted my app user in this group. Then I gave this security group admin access to all the workspaces.
2. Yes, you have admin api's that give access across your whole tenant. In tenant admin settings in PowerBI you can Grant access to the security group in admin api's.
Br
Marius
@Greg_Deckler Considering the first question, what about the API permissions when the setting API Access is enabled on tenent-level? Are the permissions according to what workspace access I have, in other words can I access and list datasets which I have no access in PowerBI Service over the API?
@simsta If you have the Fabric Admin role then yes, otherwise, no.
@simsta You can set workspace level permissions via Admin, Member or Contributor roles and that gives you access to every item of content in that workspace. Viewer allows read access to every item in the workspace. Or you can set individual permissions on specific items within the workspace. If you have the Fabric Admin role within Azure AD, you have access to everything and can use the REST API to list out every workspace and items within those workspaces
User | Count |
---|---|
32 | |
31 | |
28 | |
25 | |
22 |
User | Count |
---|---|
52 | |
42 | |
37 | |
36 | |
31 |