Power BI permissions give an application the ability to take certain actions on a user's behalf. All permissions must be approved by a user in order to be valid.
|Display Name||Description||Scope Value|
|View all Datasets||The app can view all datasets for the signed in user and datasets that the user has access to.||Dataset.Read.All|
|Read and Write all Datasets||The app can view and write to all datasets for the signed in user and datasets that the user has access to.||Dataset.ReadWrite.All|
|View users Groups||The app can view all groups that the signed in user belongs to.||Group.Read.All|
|View all Dashboards (preview)||The app can view all dashboards for the signed in user and dashboards that the user has access to.||Dashboard.Read.All|
|View all Reports (preview)||The app can view all reports for the signed in user and reports that the user has access to. The app can also see the data within the reports as well as its structure.||Report.Read.All|
An application can request permissions when it first attempts to log in to a user's page by passing in the requested permissions in the scope parameter of the call. If the permissions are granted, an access token will be returned to the app which can be used on future API calls. The access can only be used by a specific application.
While you can call the API to authenticate with a username and password, in order to take actions on behalf of another user, they will need to request permissions that the user then approves and then send the resulting access token on all future calls. For this process, we will follow the standard OAuth 2.0 protocol. While the actual implementation may vary, the OAuth flow for Power BI has the following elements:
More questions? Try the Power BI Community