We recently had a request from our depts to allow access to a specific workspace from their instance of Azure Purview. They did some preliminary investigation and provided the following information to have us configure and give them access. My issue is that, reading some of the material from the documents, it seems I am allowing their instance to now have access to all things on PowerBI for the tenant and not just their things. Is there a method to set this up so that it only looks at their data and not the tenant as a whole? Please advise.
We have three requirements:
- Be able to register our PowerBI datasets into our Microsoft Purview instance
- Be able to automate refreshes via the REST API
- Be able to query PowerBI datasets from custom applications from the REST API
We are requesting:
- In order to use Purview with our PowerBI workspace:
  - Read-Only PowerBI API to be enabled at the tenant for a specific AD security group.
  - Our service principal XXXXX be assigned the following delegated permissions:
    - Microsoft Graph openid
    - Microsoft Graph User.Read
  - Described in ‘Private access’ tab of ‘Deployment Checklist’: https://learn.microsoft.com/en-us/azure/purview/register-scan-power-bi-tenant?tabs=Scenario3#deployment-checklist
    - Enable admin APIs responses with detailed metadata
    - Enable enhance admin APIs responses with DAX and mashup expressions
- In order to use the PowerBI REST API for automating tasks with the user’s permissions and security level:
  - Our application app-XXXXX be assigned the following delegated permissions:
    - Dataset.ReadWrite.All
    - Workspace.ReadWrite.All
    - Pipeline.ReadWrite.All
    - Report.ReadWrite.All
  - https://learn.microsoft.com/en-us/rest/api/power-bi/
  - Our application app-XXXXX be assigned the following delegated permissions:
