Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get inspired! Check out the entries from the Power BI DataViz World Championships preliminary rounds and give kudos to your favorites. View the vizzies.

Reply
_onto_
Frequent Visitor

power bi rest api - execute query against dataset

‎06-12-2023 08:18 PM

Hi,

 

I have a scenario where user enquires about using the Power BI REST API to query dataset data (via Power Automate). The dataset in question is deployed via an app with build permissions enabled. No permissions are managed at workspace level. My expectation was that this should be anough. Apparently it isn't.

 

So my question is twofold:

1. what is the rationale of not (apparently) allowing users to run REST API dataset queries against datasets for which they have build permissions, particularly since they can run such queries via XMLA
2. Is there a clean way of accomplishing this without resorting to workspace level permissions?

 

Thank you!

Labels:
Message 1 of 7
1,217 Views
0
6 REPLIES 6
lbendlin
Super User
Super User

‎06-13-2023 05:31 PM 
My expectation was that this should be anough. Apparently it isn't.

It definitely is.  Has the user "installed" the app?  That is a one-time activity they must do before they can consume the XMLA endpoint.

Message 2 of 7
1,144 Views
0
_onto_
Frequent Visitor
In response to lbendlin

‎06-13-2023 11:42 PM

They are specifically enquiring about the REST API.  The point I am raising is to do with users with build permissions (via app) not being able to cosume the REST endpoints. Particularly when one reads articles such as this one (and the emphasis on self service) and then it turns out things might not be as rosy.

 

So far:

- does not appear to be possible for users without workspace permissions to consume the REST endpoints but I cannot seem to find this clearly documented

- going the workspace permissions route defeats the whole point of having security defined at dataset level, the individual control over access to the different datasets that may exist in the same workspace, audiences and all of that

 

Hope I'm wrong about this.

Message 3 of 7
1,134 Views
0
lbendlin
Super User
Super User
In response to _onto_

‎06-14-2023 03:41 AM

Can your user use Analyze in Excel? Can they use DAX Studio? SSMS? 

 

All of these work in our environment, for users that definitely do not have workspace access.

Message 4 of 7
1,125 Views
0
_onto_
Frequent Visitor
In response to lbendlin

‎06-14-2023 08:49 AM

Agree, but having REST endpoints accessible makes automation a breeze (Power Automate) versus XMLA endpoints (Azure automation account, or SQL server instance or a machine that's constantly on etc)

 

Tested with dataset level explicit permissions - does not seem to work.

 

...bummer!

Message 5 of 7
1,117 Views
0
lbendlin
Super User
Super User
In response to _onto_

‎06-14-2023 09:09 AM

I think I have been reading your question wrong - apologies.

 

For running a query against the REST API you need to authenticate. Either via the built-in authentication in Power Automate, or by registering an app in Azure that has the right permissions AND SCOPE .  Once you have that then your process no longer depends on the user running the REST API call.

Message 6 of 7
1,113 Views
_onto_
Frequent Visitor
In response to lbendlin

‎06-14-2023 11:08 AM

I don't think you read it wrong. Main gripe is with the requirement to grant and manage permissions at workspace level. For a number of reasons: visibility over everything in that workspace, maintenance overhead,  the huge imbalance between required data scope and actual data scope i.e. user need only access a fraction of the data in one dataset but gets visibility over the full dataset, all other datasets in the workspace, and whatever else is in that workspace.

 

The Azure app approach is the slightly more palatable one since there's probably less maintenance overhead in the long run. But it doesn't address the visibility over everything in that workspace. 

 

Message 7 of 7
1,110 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

FebPBI_Carousel

Power BI Monthly Update - February 2025

Check out the February 2025 Power BI update to learn about new features.

View All