Why can’t I add Application Permissions for Dataset.ReadWrite.All and Report.ReadWrite.All in Azure AD?

Developer 0 Reputation points
2025-02-05T22:51:17.4+00:00

Hello Azure Community,

I am working on integrating Power BI API with my application. I have already registered my app in Azure Active Directory (Azure AD) and I have configured permissions under API permissions.

However, I noticed that I can only add Dataset.ReadWrite.All and Report.ReadWrite.All as Delegated permissions, but there is no option to add them as Application permissions.

✅ What I have done:

  • Registered an app in Azure AD.
  • Added Tenant.ReadWrite.All (Application) successfully.
  • Only Delegated permissions are available for Dataset.ReadWrite.All and Report.ReadWrite.All.
  • Admin consent has been granted for all permissions.

❌ The Problem:

  • I cannot find an option to add Dataset.ReadWrite.All and Report.ReadWrite.All as Application permissions.
  • Without this, I get 401 Unauthorized when making API calls from my backend.

🔹 My Questions:

1️⃣ Is it possible to add Dataset.ReadWrite.All and Report.ReadWrite.All as Application permissions in Azure AD?
2️⃣ If yes, how can I enable or request these permissions?
3️⃣ Do I need to configure anything special in Azure AD or Power BI settings to see these permissions?

Any help or guidance would be greatly appreciated! 🙌

Thanks in advance! 😊

Microsoft Security Microsoft Entra Microsoft Entra ID

1 answer

  1. Kancharla Saiteja 5,485 Reputation points Microsoft External Staff Moderator
    2025-02-06T10:38:03.2766667+00:00

    Hi Developer,

    Thank you for posting your query on Microsoft Q&A. I am Saiteja from Q&A and will be assisting you with your query.

    Based on your query, here is my understanding: You would like to integrate Power BI with your application. As per your end goal, I found this article which talks about embedding Power BI with an app registration. In order to make it work, you have added three different permissions, of which Tenant.ReadWrite.All has been shown as an Application permission, and you would like to add the Dataset.ReadWrite.All and Report.ReadWrite.All permissions to the application to get the dataset information using the application.

    As you can see, we have two types of permissions: delegated and application permissions. Delegated permissions are ones that work on behalf of a user, which work with both application and user permissions. When it comes to application permissions, the application accesses the data without any user, which is considered only in certain situations where you would like to have automation and backup.

    As you can see, these permissions are only available as delegated permissions, which means they are operable on behalf of a user, and the same permissions are not available in the application set.

    As per this document, I see you need to have only delegated permissions, and there is no requirement for the Tenant.ReadWrite.All permission when accessing with a service principal.

    I suggest the application permission of Tenant.ReadWrite.All, and if you feel it is still required, you can add this from delegated permissions only. Once you provide the permissions, make sure you provide admin consent for the application from the portal itself, or you can use this link: https://login.microsoftonline.com/{organization}/adminconsent?client_id={client-id}
    You need to replace organization with the Tenant ID and client ID with the app ID or client ID. This is to avoid any admin consent permissions while accessing the service principal in retrieving the data using Power BI. You can refer to the same in the following document.

    One last thing is to enable the setting "Allow service principals to use Power BI APIs". You can refer to this document for the same.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment"
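Added example, not part of the original answer or of Microsoft's documentation: a Python sketch for triaging the 401 from the question by decoding the access token's claims and telling a delegated token from an app-only one. It assumes Entra ID's usual claim layout (`scp` for delegated permissions, `roles` for application permissions) and the Power BI audience URI shown; `fake_token` and the sample tokens are constructed for the demo and unsigned.

```python
import base64
import json

# Assumption: audience URI Entra ID places in tokens issued for the Power BI REST API.
POWER_BI_AUDIENCE = "https://analysis.windows.net/powerbi/api"
WANTED = {"Dataset.ReadWrite.All", "Report.ReadWrite.All"}

def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT without verifying it (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def triage(token: str) -> dict:
    """Classify a token and list what it lacks for dataset/report calls."""
    claims = jwt_claims(token)
    scopes = set(claims.get("scp", "").split())  # delegated permissions
    roles = set(claims.get("roles", []))         # application permissions
    kind = "delegated" if scopes else "app-only"
    findings = []
    if str(claims.get("aud", "")).rstrip("/") != POWER_BI_AUDIENCE:
        findings.append("aud is not the Power BI API")
    if kind == "delegated":
        missing = WANTED - scopes
        if missing:
            findings.append("missing scopes: " + ", ".join(sorted(missing)))
    else:
        # Delegated-only permissions cannot show up in an app-only token.
        findings.append('no scp claim: access depends on the tenant setting '
                        '"Allow service principals to use Power BI APIs"')
    return {"kind": kind, "scopes": scopes, "roles": roles, "findings": findings}

def fake_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token (hypothetical helper)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample tokens (not real credentials).
APP_ONLY = fake_token({"aud": POWER_BI_AUDIENCE, "roles": ["Tenant.ReadWrite.All"]})
DELEGATED = fake_token({"aud": POWER_BI_AUDIENCE,
                        "scp": "Dataset.ReadWrite.All user_impersonation"})

if __name__ == "__main__":
    for name, tok in (("app-only", APP_ONLY), ("delegated", DELEGATED)):
        print(name, triage(tok)["findings"])
```

The decoder does not validate the signature, so use it only to inspect tokens your own backend obtained, never to make an authorization decision.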

