创建了 Powershell 并使用 Invoke-PowerBIRestMethod 来安排 Power BI Refresh 但引发 403 错误

Question

I am using below code. I have replaced the credentials and other GUIDs with XXXX. Please let me know if I am missing anything. The Service principal has read/write perms on Datasets, Reports and Workspaces as mentioned by my security team.

Connect-PowerBIServiceAccount -ServicePrincipal -CertificateThumbprint XXXX -ApplicationId XXXX -Tenant XXXX 

$jsonbody = '{
  "value": {
    "days": [
      "Sunday",
      "Tuesday",
      "Friday",
      "Saturday"
    ],
    "times": [
      "07:00",
      "11:30",
      "16:00",
      "23:30"
    ],
    "localTimeZoneId": "UTC",
    "enabled": true
  }
}'

Invoke-PowerBIRestMethod -Url 'https://api.powerbi.com/v1.0/myorg/groups/XXXX/datasets/XXXX/refreshSchedule' -Method PATCH -Body $jsonbody -ContentType application/json

Resolve-PowerBIError -Last

The above script throws below error

Answer 1

After a ticket with Microsoft product team, I was able to crack the issue.

The first issue is that the Service Principal should be "Application permissions" type and not "Delegated". The Delegated Service Principal will throw 400 error.

The second part and the main reason for 403 - Forbidden error is that I need to takeover the dataset. It means that I shouldn't just be the admin of the Workspace but I need to first takeover dataset using Power BI REST API. After taking over only, I can perform other dataset related tasks with Service Principal authentication.

Overall the sequence will be

1. Takeover Dataset
2. Bind Data Gateway . (Service Principal will require access to this Data Source in the Gateway. There are many steps for this piece to work)
3. Update Parameters (if any)
4. Update Refresh Schedule

If anyone is trying something similar, then I have posted a blog with detailed implementation and steps including Powershell script here .