Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

July 7 - July 17 | Round 2 of the Power BI Dataviz World Championships. Don't miss your chance! Learn more

Reply
DavidS524
Helper I
Helper I

REST API Admin - Groups AddUserAsAdmin:"Parameter PrincipalType or Identifier is missing or invalid"

Hi everyone,

 

I am trying to use the REST API to add a mail-enabled security group as an admin on a workspace. I get the following error when using this format:

 

{
groupUserAccessRight: "Admin",
identifier: "[objectID of the group]",
principalType: "Group"
}

 

Result: 

{
  "error": {
    "code": "InvalidRequest",
    "message": "Parameter PrincipalType or Identifier is missing or invalid"
  }
}

 

I've tried every variation I can think of, including using the email address and displayname of the group as the identifier, or as separate parameters. In contrast, adding one of my colleagues as a user with their email address works just fine:

 

{
groupUserAccessRight: "Admin",
identifier: "[email address]",
principalType: "User"
}

 

For more context, I have also used the "Datasets - Post Dataset User In Group" API call to successfully grant a mail-enabled security group access on a dataset using the objectID:

 

{
datasetUserAccessRight: "ReadExplore",
identifier: "[objectID of the group]",
principalType: "Group"
}

 

This results in a successful Response Code 200 and the group is granted permissions.

 

After Googling around, I saw some posts from a few years ago with similar errors where the suggestion was to make sure the workspace was the newer version. The workspace I am trying to add this to was just created this week so that is not the issue. 

 

Any other ideas?

 

Thank you!

 

5 REPLIES 5
aj1973
Community Champion
Community Champion

Being Admin of the WS doesn't mean you are the Admin of the tenant. APIs with ****AsAdmin are for Power BI administrator of the tenant only. Must use this

https://learn.microsoft.com/en-us/rest/api/power-bi/groups/add-group-user

Regards
Amine Jerbi

If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook

tumuju
Frequent Visitor

I am a TENANT admin and I am trying to add a group to all workspaces. Specifically, I want to use this:  https://learn.microsoft.com/en-us/rest/api/power-bi/admin/groups-add-user-as-admin

 

I have used the API to add my user id but I am not able to use on a group. It seems the API doesn't work when you use a group. 

Here is my code

$jsonRequestBody=@{
  identifier            = "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
  principalType         = "Group"
  groupUserAccessRight  = "Admin"
}|ConvertTo-Json

 

Connect-PowerBIServiceAccount

$workspaceId= "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
Write-Output "https://api.powerbi.com/v1.0/myorg/admin/groups/{$workspaceId}/users"
#Invoke-PowerBIRestMethod -Url "https://api.powerbi.com/v1.0/myorg/groups/{$workspaceId}/users" -Method Post -Headers $authHeader  -Body $jsonRequestBody -Verbose
$request=Invoke-PowerBIRestMethod -Url " https://api.powerbi.com/v1.0/myorg/admin/groups/$workspaceId/users" -Method Post -Verbose -Body $jsonRequestBody

Invoke-PowerBIRestMethod : One or more errors occurred.
At line:13 char:10
+ $request=Invoke-PowerBIRestMethod -Url "https://api.powerbi.com/v1.0/ ...
+          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Microsoft.Power...werBIRestMethod:InvokePowerBIRestMethod) [Invoke-PowerBIRestMethod], AggregateException
    + FullyQualifiedErrorId : One or more errors occurred.,Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod

There response is 
VERBOSE: Request Uri: https://api.powerbi.com/v1.0/myorg/admin/groups/xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/users
VERBOSE: Status Code: BadRequest (400)
Invoke-PowerBIRestMethod : Encountered errors when invoking the command: {
  "code": "InvalidRequest",
  "message": "Parameter PrincipalType or Identifier is missing or invalid"

 

 

The same code works well when I modifiy the body to
$jsonRequestBody=@{
  emailAddress            = "[email protected]"
  principalType         = "User"
  groupUserAccessRight  = "Admin"
}|ConvertTo-Json

aj1973
Community Champion
Community Champion

The Identifier, where do you get it from? it can't be the name of the security group

Regards
Amine Jerbi

If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook

tumuju
Frequent Visitor

I got the identifier Azure AD. The identifier is object id of group.

Membership type: assigned

Source: Windows AD Server

Object ID: <This is what I am using as the identifier>

The object is a group with members of type user. 

Thanks

 

tumuju
Frequent Visitor

I am experiencing the same issue. Trying to add a security group to workspace as Admin results in the error: 'message': 'Parameter PrincipalType or Identifier is missing or invalid'.

If replace the security group with an ordinary user, it works well. 

Helpful resources

Announcements
FabCon and SQLCon Barcelona 2026

FabCon & SQLCon – Barcelona 2026

Join us in Barcelona for FabCon and SQLCon, the Fabric, Power BI, SQL, and AI community event. Save €200 with code FABCMTY200.

60 days of Data Days Carousel

Data Days 2026

Join Fabric Data Days 2026: 60 days of free live/on-demand sessions, challenges, study groups, and certification opportunities.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.