I am trying to get non-admin metadata from PowerBI using ADF.
I have already managed to download admin metadata using ADF, but with non-admin I have troubles.
What I have done so far:
- Created a security group and added the service principal of the ADF
- Created a registered app, and added the app to the security group. The registered app has the following privileges: Report.Read.All, Dataset.Read.All, Workspace.Read.All - admin consent granted.
- In Power BI I have enabled both "Service principals can use Fabric APIs" and "Allow service principals to access read-only admin APIs" and applied to the security group
- In Power BI in workspaces, I added as members both - security group and the registered app.
As stated before, admin metadata I can download, I use the security group with Service Principal of the ADF for this purpose.Non-admin metadata I want to download using registered app.
In ADF pipeline I created two web activities
Get Bearer Token:URL- https://login.microsoftonline.com//oauth2/v2.0/tokenMethod- POSTBody-
grant_type=client_credentials&client_id=<Client_ID>&client_secret=&scope=https://analysis.windows.net/powerbi/api/.defaultHeaders- content-type:application/x-www-form-urlencoded
Call PowerBI API:URL- https://api.powerbi.com/v1.0/myorg/reports/Method- GETAuthentication- NoneHeaders- Authorization: @concat(activity('Request Bearer Token').output.token_type, '', string(activity('Request Bearer Token').output.access_token))
The first activity to get Token is successful, the second activity is not.I get the following error: "Message":"API is not accessible for application".
I tried in Postman and I get error: 403 forbidden.
If I use www.learn.microsoft.com to request for API, so using my personal account with the Token generated by ADF - I call API successfully.
So it seems there is some permission issue? Although, at this moment I think I have checked everything and I am out of ideas...Perhaps, somebody has the same problem?