Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Compete to become Power BI Data Viz World Champion! First round ends August 18th. Get started.

Reply
MikeFleming
Regular Visitor

Recieving (403) Forbidden when Accessing Dataset via API

‎11-09-2023 03:09 AM

I am getting an error when accessing dataset via API.

 

This was previously working but I suspect someone made some changes to that dataset.  However, I know that both the service principle and the impersonating user have admin on that dataset.  I have also tried to create another service principle, following the guidance in

 

Embed Power BI content in an embedded analytics application with service principal and an applicatio...

 

And I get the same result.

 

I have confirmed the setting 'Allow service principals to use Power BI APIs' remains enabled.

 

I am able to access the dataset OK with the impersonating user.

 

I have tried granting the service principal API access to datasets in Azure AD (even though I dont think that is required)

 

 

 

$clientId = "0bXXXXc6"
$clientSecret = "GSXXXXaE"

# Function to get the access token
function Get-AccessToken {
    param (
        $tenantId,
        $clientId,
        $clientSecret
    )

    $tokenEndpoint = "https://login.microsoftonline.com/$tenantId/oauth2/token"
    $body = @{
        "grant_type"    = "client_credentials"
        "client_id"     = $clientId
        "client_secret" = $clientSecret
        "resource"      = "https://analysis.windows.net/powerbi/api"
    }

    $response = Invoke-RestMethod -Uri $tokenEndpoint -Method Post -Body $body -ContentType "application/x-www-form-urlencoded"
    return $response.access_token
}

# Get access token
$accessToken = Get-AccessToken -tenantId $tenantId -clientId $clientId -clientSecret $clientSecret

$headers = @{
    "Authorization" = "Bearer $accessToken"
}


$url = "https://api.powerbi.com/v1.0/myorg/datasets/403358d8-a148-4d52-a33f-4d39630ddb78/executeQueries"
$body = @"
{
    "queries": [
        {
           "query": "EVALUATE SUMMARIZECOLUMNS('Geography'[Store Number], 'Geography'[Store Opening Hours 1.Monday], 'Geography'[Store Opening Hours 2.Tuesday], 'Geography'[Store Opening Hours 3.Wednesday], 'Geography'[Store Opening Hours 4.Thursday], 'Geography'[Store Opening Hours 5.Friday], 'Geography'[Store Opening Hours 6.Saturday], 'Geography'[Store Opening Hours 7.Sunday], 'Geography'[Store Opening Hours 8.Special])"
        }
    ],
    "serializerSettings": {
        "includeNulls": true
    },
    "impersonatedUserName": "example@example.com"
}
"@

$result = Invoke-WebRequest -Uri $url -Method Post -Body $body -Headers $headers -ContentType "application/json" -UseBasicParsing -Verbose -Debug

 

 

 

 

 

 

Invoke-WebRequest : The remote server returned an error: (403) Forbidden.
At line:59 char:11
+ $result = Invoke-WebRequest -Uri $url -Method Post -Body $body -Heade ...
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

 

 

 

 

Labels:
Message 1 of 12
2,102 Views
0
11 REPLIES 11
MikeFleming
Regular Visitor

‎11-09-2023 04:29 AM 
Invoke-WebRequest : The remote server returned an error: (401) Unauthorized.
At line:1 char:2
+  Invoke-WebRequest -Uri $url -Method Post -Body $body -Headers $heade ...
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Message 5 of 12
2,081 Views
0
ibarrau
Super User
Super User
In response to MikeFleming

‎11-09-2023 04:40 AM

Alright 401 might be different. Make sure the permissions of the registered app at azure have "Dataset.ReadWrite.All" or "Dataset.Read.All".

If you can see the Admin portal or ask for IT department. Please check this setting:

ibarrau_0-1699533563985.png

I hope that helps,

 


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Happy to help!

LaDataWeb Blog

Message 6 of 12
2,075 Views
0
MikeFleming
Regular Visitor
In response to ibarrau

‎11-09-2023 04:47 AM

Hi, yes,

MikeFleming_0-1699533960080.png

 

MikeFleming_1-1699534023522.png

 

Message 7 of 12
2,072 Views
0
ibarrau
Super User
Super User
In response to MikeFleming

‎11-09-2023 05:43 AM

This might sound weird but please remove the Grant admin consent to the permissions. That's a permission for tenant only that can produce error for regular api requests.

Also add Dataset.ReadWrite.All to keep both permissions for dataset.

Just in case, let's sync something. You are using executeQueries. The request is asking for DAX Query in "My Workspace". If you want to query a dataset in a workspace you must use executeQueries in Group.

Please test "Get Datasets in Group" and let us know if that one works.

Make sure you are not breaking a limitation: https://learn.microsoft.com/en-us/rest/api/power-bi/datasets/execute-queries-in-group#limitations

Regards.


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Happy to help!

LaDataWeb Blog

Message 8 of 12
2,069 Views
0
MikeFleming
Regular Visitor
In response to ibarrau

‎11-09-2023 08:42 AM

Hi,

 

I removed the consent, but same

 

MikeFleming_0-1699548071549.png

I wasnt aware that was asking for queries in My Workspace.  This has worked before with the same code.  But I will check that out, and also try the other call you mentioned.  I will also revisit the limitations.

 

Thanks

Message 9 of 12
2,064 Views
0
MikeFleming
Regular Visitor
In response to MikeFleming

‎11-09-2023 08:45 AM

It is a limitation!  RLS has been enabled.

 

"Service Principals aren't supported for datasets with RLS per RLS limitations  or with SSO enabled."

 

I will need to find another way to connect.

 

Thanks for pointing that out.

Message 10 of 12
2,063 Views
ibarrau
Super User
Super User
In response to MikeFleming

‎11-09-2023 09:46 AM

Alright! it's good to know you find it. Remember you can use the API with username and password instead of secret. I think that might work for RLS.

I hope that helps,


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Happy to help!

LaDataWeb Blog

Message 11 of 12
2,054 Views
0
MikeFleming
Regular Visitor
In response to ibarrau

‎11-09-2023 10:14 AM

OK, I thought I have tried doing that in the past, but the account I was using would have needed a license.  This is a Premium capacity though.  

 

Thanks again

Message 12 of 12
2,052 Views
0
MikeFleming
Regular Visitor

‎11-09-2023 04:29 AM

Correction to original post, I am getting 401 Unauthorized

 

 

Message 4 of 12
2,081 Views
0
ibarrau
Super User
Super User

‎11-09-2023 04:24 AM

Hi. Usually the 403 for Power Bi Rest API means the token hasn't priviledges for the operation because of a missing permissiong. 403 is the forbidden action. Please check that the Registered App (Service principal) is member of the workspace where the dataset is hosted. Otherwise, the Service Principal can't read the dataset.

In addition, remember that the App registered should have Dataset.ReadWrite.All or Dataset.Read.All permissions at its permission properties in Azure.

I hope that helps,


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Happy to help!

LaDataWeb Blog

Message 2 of 12
2,082 Views
0
MikeFleming
Regular Visitor
In response to ibarrau

‎11-09-2023 04:27 AM

Thanks.  The service principal is Admin on that workspace.  As is the impersonating user.

Message 3 of 12
2,081 Views
0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All