A relatively simple post today, but just this past week a customer came to me with an issue where they had accidentally removed permissions from one of their primary PowerBI deployment pipelines. They still had the PowerBI service admin permissions but could no longer see the pipelines via the PowerBI site.
Naturally, as per recent blogs. I wrote a PowerShell script that links into the PowerBI Rest API that can then add permissions to PowerBI Deployment pipelines!
Hopefully if you find yourself in a similar situation this script may quickly help you out
How it works?
I’ve broken this script down into three parts, get a list of all pipelines so we can find the specific IDs, check existing pipeline users and then add new users.
Get all Pipelines
- Firstly we connect to the PowerBI service (this is going to be needed for all 3 parts)
- We then define the API endpoint we want to use to target all pipelines. $apiUrlPipelines = “admin/pipelines” . Note we use the admin endpoint otherwise the script will only target what your user account specifically has access to
- Invoke the PowerBI Rest method to pull back information on all pipelines – we are mainly interested in the pipeline IDs
Checking for Users
- Using our existing connection to the PowerBI service
- We then define the API endpoint of the specific pipeline using the Pipeline ID as one of the variables
- Finally invoke the PowerBI Rest method, which will pull back the existing users
Adding Users
- Again using the existing connection
- And also the same API endpoint we used to check for existing users
- Using the email address / upn of the user to add in a variable we then load the body to POST to the API endpoint. In this script I have set the access right as Admin and the principal type as User
- Invoke the PowerBI Rest method, to then add the User account
https://github.com/AetherAdv/powerbi_powershell_addpipelinepermissions
Connect-PowerBIServiceAccount
# Get list of pipelines (optional)
$apiUrlPipelines = "admin/pipelines"
$pipelineList = Invoke-PowerBIRestMethod -Url $apiUrlPipelines -Method Get
#---------------------------------
$pipelineId = "####"
$userEmail = "[email protected]"
# Get users assigned to a pipeline
$apiUrlUsers = "admin/pipelines/$pipelineId/users"
$pipelineUsers = Invoke-PowerBIRestMethod -Url $apiUrlUsers -Method Get
$pipelineUsers | ConvertTo-Json -Depth 2
# Add a user as Admin
$body = @{
identifier = $userEmail
accessRight = "Admin"
principalType = "User"
} | ConvertTo-Json -Depth 3
Invoke-PowerBIRestMethod -Url $apiUrlUsers -Method Post -Body $body -ContentType "application/json"