Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
_onto_
Frequent Visitor

power bi rest api - execute query against dataset

Hi,

 

I have a scenario where user enquires about using the Power BI REST API to query dataset data (via Power Automate). The dataset in question is deployed via an app with build permissions enabled. No permissions are managed at workspace level. My expectation was that this should be anough. Apparently it isn't.

 

So my question is twofold:

1. what is the rationale of not (apparently) allowing users to run REST API dataset queries against datasets for which they have build permissions, particularly since they can run such queries via XMLA
2. Is there a clean way of accomplishing this without resorting to workspace level permissions?

 

Thank you!

6 REPLIES 6
lbendlin
Super User
Super User

My expectation was that this should be anough. Apparently it isn't.

It definitely is.  Has the user "installed" the app?  That is a one-time activity they must do before they can consume the XMLA endpoint.

They are specifically enquiring about the REST API.  The point I am raising is to do with users with build permissions (via app) not being able to cosume the REST endpoints. Particularly when one reads articles such as this one (and the emphasis on self service) and then it turns out things might not be as rosy.

 

So far:

- does not appear to be possible for users without workspace permissions to consume the REST endpoints but I cannot seem to find this clearly documented

- going the workspace permissions route defeats the whole point of having security defined at dataset level, the individual control over access to the different datasets that may exist in the same workspace, audiences and all of that

 

Hope I'm wrong about this.

Can your user use Analyze in Excel? Can they use DAX Studio? SSMS? 

 

All of these work in our environment, for users that definitely do not have workspace access.

Agree, but having REST endpoints accessible makes automation a breeze (Power Automate) versus XMLA endpoints (Azure automation account, or SQL server instance or a machine that's constantly on etc)

 

Tested with dataset level explicit permissions - does not seem to work.

 

...bummer!

I think I have been reading your question wrong - apologies.

 

For running a query against the REST API you need to authenticate. Either via the built-in authentication in Power Automate, or by registering an app in Azure that has the right permissions AND SCOPE .  Once you have that then your process no longer depends on the user running the REST API call.

I don't think you read it wrong. Main gripe is with the requirement to grant and manage permissions at workspace level. For a number of reasons: visibility over everything in that workspace, maintenance overhead,  the huge imbalance between required data scope and actual data scope i.e. user need only access a fraction of the data in one dataset but gets visibility over the full dataset, all other datasets in the workspace, and whatever else is in that workspace.

 

The Azure app approach is the slightly more palatable one since there's probably less maintenance overhead in the long run. But it doesn't address the visibility over everything in that workspace. 

 

Helpful resources

Announcements
RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel

Power BI Monthly Update - May 2024

Check out the May 2024 Power BI update to learn about new features.

Top Solution Authors