What are the permissions required for an Application Service Principal to access data from Dataverse through Dataverse Web API

SYAMNA S T 60 Reputation points
2024-02-22T10:03:56.8366667+00:00

To access Dataverse resources through Dataverse Web API using OAuth authentication, What are the permissions that the application's service principal (representing the application in Azure AD) needs to have?

Also, Is the below right way to request the token for this

client_id = 'YOUR_CLIENT_ID' client_secret = 'YOUR_CLIENT_SECRET' tenant_id = 'YOUR_TENANT_ID' environment_url = 'YOUR_DATIVERSE_URL' entity_name = 'accounts' # Name of the entity you want to retrieve data from

Acquire access token using Client Credentials Flow

token_url = f'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token' data = { 'client_id': client_id, 'client_secret': client_secret, 'scope': f'{environment_url}/.default', 'grant_type': 'client_credentials' } response = requests.post(token_url, data=data) access_token = response.json()['access_token']

Make request to Dataverse Web API

api_url = f'{environment_url}/api/data/v9.1/{entity_name}' headers = { 'Authorization': f'Bearer {access_token}', 'Content-Type': 'application/json' } response = requests.get(api_url, headers=headers)

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,292 questions
0 comments No comments
{count} votes

Accepted answer
  1. Navya 9,320 Reputation points Microsoft Vendor
    2024-02-26T09:23:06.99+00:00

    Hi @SYAMNA S T

    Thank you for posting this in Microsoft Q&A.

    I understand you want to know the permissions required for an Application Service Principal to access data from Dataverse through Dataverse Web API.

    The image below represents the permissions for Dataverse. User's image

    In order for the authenticated user to perform operations on your app, they must have the delegated permission to access Dynamics 365 as an organization user.

    The Application service principal is non-interactive user account for Data verse, you do not need permissions as stated above.

    For your reference: Permissions

    Also, Is the below right way to request the token for this.

    Yes, it appears that the client credentials flow is the correct way to request a token for accessing the Dataverse Web API.

    For your reference : Register an app with Microsoft Entra ID

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.