You have to attain authentication to access Power BI metadata. Your authentication method determines how you retrieve the metadata. The lineage harvester supports two authentication methods:
The metadata harvesting process is different for each authentication method. Therefore, different configurations in Microsoft Azure and Power BI are required.
Note We highly recommend that you use the service principal authentication, as detailed metadata scanning in Power BI is designed for use with service principal authentication.
You can use a cURL command to check whether or not you can use username and password authentication.
Run the following command, where the bolded text refers to your information:curl -v “https://login.microsoftonline.com/<your environment>.onmicrosoft.com/oauth2/v2.0/token” -F client_id=<your ID> -F “username=<your username>” -F “password=<your password>” -F “scope=https://analysis.windows.net/powerbi/api/.default” -F grant_type=password
To check on Windows, follow these steps:
- Download and install the cURL Command-Line Tool.
-
In Windows, click Start > Run, and then enter cmd in the Run dialog box.
- Run the following command, where the bolded text refers to your information:
“https://login.microsoftonline.com/<your environment>.onmicrosoft.com/oauth2/v2.0/token” -F client_id=<your ID> -F “username=<your username>” -F “password=<your password>” -F “scope=https://analysis.windows.net/powerbi/api/.default” -F grant_type=password
- You need access to the Power BI environment in which the data flow is stored.
- The data set in the data flow must exist in a premium workspace.
Username and password
The username and password authentication method relies on the username, in the form of an email address, and a password you provide to access the Power BI metadata.
To use the username and password authentication method, you need to be an Azure Active Directory user with a Power BI admin role in Power BI.
When you become an Azure Active Directory user, a new email address is created. This email address is the username you use to sign in to Power BI. You can store the username and password you use to sign in to Power BI in the lineage harvester configuration file.
Note Only Azure Administrators can create users and require them to authenticate via username and password. The Azure Administrator also assigns the user the Power BI admin role. This user is only created for the purpose of Power BI integration in Collibra Data Intelligence Platform. The user in Azure should have a Member user type.
Service principal
The service principal authentication method allows an Azure Active Directory application to automatically access Power BI content and APIs.
Service principal authentication relies on the Power BI Tenant ID and the Azure Active Directory application ID that you provide in the lineage harvester configuration file. The password you need to access Power BI is the client secret key of the Azure Active Directory application.
To use service principal authentication, you need to embed Power BI content with a Service Principal and an application secret. This entails the following steps:
- In the Power BI Admin portal:
- Enable the Allow service principals to use read-only Power BI admin APIs option.
- Enable the Allow service principal to use Power BI APIs option in the Developer settings.Note This option is no longer required. You can leave it enabled, but you can also safely disable it, if you prefer.
- Enable the Enhance admin APIs responses with detailed metadata option.
- Enable the Enhance admin APIs responses with DAX and mashup expressions option.
Note You need Power BI administrator rights to access the Power BI Admin portal.