Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
DavidS524
Helper I
Helper I

REST API Admin - Groups AddUserAsAdmin:"Parameter PrincipalType or Identifier is missing or invalid"

‎06-28-2023 06:54 AM

Hi everyone,

 

I am trying to use the REST API to add a mail-enabled security group as an admin on a workspace. I get the following error when using this format:

 

{
groupUserAccessRight: "Admin",
identifier: "[objectID of the group]",
principalType: "Group"
}

 

Result: 

{
  "error": {
    "code": "InvalidRequest",
    "message": "Parameter PrincipalType or Identifier is missing or invalid"
  }
}

 

I've tried every variation I can think of, including using the email address and displayname of the group as the identifier, or as separate parameters. In contrast, adding one of my colleagues as a user with their email address works just fine:

 

{
groupUserAccessRight: "Admin",
identifier: "[email address]",
principalType: "User"
}

 

For more context, I have also used the "Datasets - Post Dataset User In Group" API call to successfully grant a mail-enabled security group access on a dataset using the objectID:

 

{
datasetUserAccessRight: "ReadExplore",
identifier: "[objectID of the group]",
principalType: "Group"
}

 

This results in a successful Response Code 200 and the group is granted permissions.

 

After Googling around, I saw some posts from a few years ago with similar errors where the suggestion was to make sure the workspace was the newer version. The workspace I am trying to add this to was just created this week so that is not the issue. 

 

Any other ideas?

 

Thank you!

 

Labels:
Message 1 of 6
1,120 Views
0
5 REPLIES 5
aj1973
Community Champion
Community Champion

‎08-12-2023 11:21 AM

Being Admin of the WS doesn't mean you are the Admin of the tenant. APIs with ****AsAdmin are for Power BI administrator of the tenant only. Must use this

https://learn.microsoft.com/en-us/rest/api/power-bi/groups/add-group-user

Regards
Amine Jerbi

If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook

Message 3 of 6
1,063 Views
0
tumuju
Frequent Visitor
In response to aj1973

‎08-13-2023 09:47 AM

I am a TENANT admin and I am trying to add a group to all workspaces. Specifically, I want to use this:  https://learn.microsoft.com/en-us/rest/api/power-bi/admin/groups-add-user-as-admin

 

I have used the API to add my user id but I am not able to use on a group. It seems the API doesn't work when you use a group. 

Here is my code

$jsonRequestBody=@{
  identifier            = "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
  principalType         = "Group"
  groupUserAccessRight  = "Admin"
}|ConvertTo-Json

 

Connect-PowerBIServiceAccount

$workspaceId= "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
Write-Output "https://api.powerbi.com/v1.0/myorg/admin/groups/{$workspaceId}/users"
#Invoke-PowerBIRestMethod -Url "https://api.powerbi.com/v1.0/myorg/groups/{$workspaceId}/users" -Method Post -Headers $authHeader  -Body $jsonRequestBody -Verbose
$request=Invoke-PowerBIRestMethod -Url " https://api.powerbi.com/v1.0/myorg/admin/groups/$workspaceId/users" -Method Post -Verbose -Body $jsonRequestBody

Invoke-PowerBIRestMethod : One or more errors occurred.
At line:13 char:10
+ $request=Invoke-PowerBIRestMethod -Url "https://api.powerbi.com/v1.0/ ...
+          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Microsoft.Power...werBIRestMethod:InvokePowerBIRestMethod) [Invoke-PowerBIRestMethod], AggregateException
    + FullyQualifiedErrorId : One or more errors occurred.,Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod

There response is 
VERBOSE: Request Uri: https://api.powerbi.com/v1.0/myorg/admin/groups/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/users
VERBOSE: Status Code: BadRequest (400)
Invoke-PowerBIRestMethod : Encountered errors when invoking the command: {
  "code": "InvalidRequest",
  "message": "Parameter PrincipalType or Identifier is missing or invalid"

 

 

The same code works well when I modifiy the body to
$jsonRequestBody=@{
  emailAddress            = "myuser@myorganisation.com"
  principalType         = "User"
  groupUserAccessRight  = "Admin"
}|ConvertTo-Json

Message 4 of 6
1,034 Views
0
aj1973
Community Champion
Community Champion
In response to tumuju

‎08-13-2023 01:47 PM

The Identifier, where do you get it from? it can't be the name of the security group

Regards
Amine Jerbi

If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook

Message 5 of 6
1,020 Views
0
tumuju
Frequent Visitor
In response to aj1973

‎08-13-2023 05:50 PM

I got the identifier Azure AD. The identifier is object id of group.

Membership type: assigned

Source: Windows AD Server

Object ID: <This is what I am using as the identifier>

The object is a group with members of type user. 

Thanks

 

Message 6 of 6
1,004 Views
0
tumuju
Frequent Visitor

‎08-11-2023 03:33 PM

I am experiencing the same issue. Trying to add a security group to workspace as Admin results in the error: 'message': 'Parameter PrincipalType or Identifier is missing or invalid'.

If replace the security group with an ordinary user, it works well. 

Message 2 of 6
1,077 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

November Power BI Update Carousel

Power BI Monthly Update - November 2025

Check out the November 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All