1

I have a console app that uses the REST API to get a dataset (and later add rows to it). This works when I supply my own user/password credentials.

The app has been given the following delegated permissions:

Read and write all Datasets

View all Datasets

Now I have registered the app as a Web/API app in order to use an app key/secret instead. I can get a token, but when I make the same REST call I get 401 Unauthorized, still using the same permissions.

So I have tried giving the app the following Application permissions in Power BI Service, because the docs say these apply to a daemon app:

https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-permissions-and-consent#types-of-permissions

Read and write all content in tenant 

View all content in tenant

These permissions have been granted by an Azure Administrator.

As part of debugging, I have decoded the two tokens.

The token for app key autentication contains this:

"roles": [
"Tenant.ReadWrite.All",
"Tenant.Read.All"
],

while the token for user based authentication contains this:

"scp": "Dataset.ReadWrite.All Workspace.ReadWrite.All",

I have also looked into assigning the app/service principal a Contributor role, but I am unsure on which level (Subscription/Resource group/Resource).

What am I missing..?

Improve this question

2 Answers 2

Reset to default
2

First of all, i think using service principals was not possible at the time of original question since couple of months ago I didn't find any useful information implementing it. However afterwards I bumped into this article which briefly explains how to get it to work so I was able to change usage of "service account" to service principal approach.

So, basically granting permissions to Azure AD App is not enough. You also have to add security group, add your app to that security group, enable usage of service principals in Power BI Admin Portal and then add your security group to workspace. After that it should work.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I don't believe it is possible to use this method with Power BI REST API.

So I have created a special user ("Power BI master account") instead.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.