Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started
I am using a Service Principal to deploy a PowerBI report with a DirectQuery dataset connected to a Databricks SQL endpoint. This is in a deployment pipeline. When the report is run, I want it to pass the current user credential through to Databricks (I have row-based security in play within Databricks, which is why I am using Direct Query)
I am seeing inconsistent behavior between when deploying with my service principal (which has all the required accesses - it can deploy the report), and when I deploy with a user account instead of the SP.
When I deploy the report with the Service Principal, I am getting a "missing credential" error message when trying to access the deployed report:
When I query the dataset credentials using the PowerBI API just after deployment, the "useEndUserOAuth2Credentials" property on the dataset credential is false:
If I then navigate to the dataset settings page, and take over the dataset with my interactive AAD user credential (i.e. not the service principal), the report works fine without me setting any OAuth settings - the default OAuth option after takeover is the "Report Viewers can only access this datasource with their own identities...", which is what I want. This is the dataset credentials after I've taken over the dataset.
When I deploy with my user account, the report loads and works as expected. Qurying the dataset credentials shows that the useEndUserOAuth2Credentials is set to true. Here's the full Powershell session deploying the report and reading the dataset credential:
This looks like a bug in deploying with a Service Principal, but I would like to confirm that before logging a support ticket.
My questions are as follows:
Please refer to this documentation and update the credential for DirectQuery.
Configure credentials programmatically for Power BI embedded analytics - Power BI | Microsoft Learn
Was this issue resolved , am trying to peform the same without taking over dataset . please update
Have you tried to update the data source via the REST API after publishing?
Gateways - Update Datasource - REST API (Power BI Power BI REST APIs) | Microsoft Docs
I have tried that, it doesn't work (or at least I couldn't construct a message that would work).
When comparing the working dataset (deployed with a user account) and the broken one pre-takeover (deployed with a service principal), the differences are the CredentialType and CredentialDetails\useEndUserOAuth2Credentials properties. When I try and patch them in I get a PowerShell error:
Tracing the error using Fiddler shows this error body (note that no type is mentioned):
"{"error":{"code":"InvalidRequest","message":"Property useEndUserOAuth2Credentials is only supported with credentials of type and datasource type of Extension"}}"
Hello
Did you set-up oauth app additionally? Or is it not required? Was the service principal issue resolved?