I’ve created a PowerShell script that adds a given Service Principal to all (configured) Power BI workspaces. This can be useful, or even required, in all kinds of scenarios. I recently needed such a script for my BPAA solution: it needs to talk to the XMLA endpoint of all data models in the Power BI Service, and to do that the Service Principal must be a member of the workspaces.
Check out the AddServicePrincipalToPowerBIWorkspaces.ps1 gist on GitHub. It’s also embedded below (same script).
This script will prompt for the (correct) ObjectId of the Service Principal (the one from “Enterprise applications” in Azure Active Directory), and it will prompt for the credentials of a Power BI Service Administrator.
Before you run the script, you can specify:
- Whether the Service Principal should be added to workspaces in shared capacity, premium capacity, or both.
- The type of role the Service Principal will get in all the workspaces.
- Whether to force an update of that role in case the Service Principal is already a member.
Before running this script, make sure you read these notes/disclaimers first:
- The given Service Principal will have permissions to access the data models in the workspaces it is added to. Please be incredibly careful and handle the secret of the Service Principal with care. Consider storing the details of the Service Principal, including the value of the secret, in a private password manager or (Azure Key) vault.
- Tip: consider removing the Service Principal directly after you are finished with the task that requires the Service Principal to be a member of the workspaces. I have a script to remove a Service Principal from all Power BI workspaces.
- Note: this script only works with v2 workspaces (you can’t add a Service Principal to a v1 workspace).
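To review which workspaces a run would touch before any access is granted, the three options and the v2 restriction above can be evaluated as a dry run. This is an added example, not the gist's code: the function name `Get-ServicePrincipalPlan`, its parameters and the sample data are hypothetical, and the workspace property names (`Type`, `IsOnDedicatedCapacity`, `Users`, `Identifier`, `AccessRight`) are assumed to match the objects your workspace listing returns.

```powershell
# Added example: dry-run planner. Makes no API calls and changes nothing.
# Assumption: Type is 'Workspace' for v2 workspaces and something else (e.g. 'Group') for v1.
function Get-ServicePrincipalPlan {
    param(
        [Parameter(Mandatory)] [object[]] $Workspaces,
        [Parameter(Mandatory)] [guid]     $ObjectId,
        [ValidateSet('Shared', 'Premium', 'Both')] [string] $Capacity = 'Both',
        [ValidateSet('Admin', 'Member', 'Contributor', 'Viewer')] [string] $Role = 'Member',
        [switch] $ForceUpdate
    )
    foreach ($ws in $Workspaces) {
        # Existing membership of the Service Principal in this workspace, if any
        $current = $ws.Users |
            Where-Object { $_.Identifier -eq $ObjectId.ToString() } |
            Select-Object -First 1

        $action = if ($ws.Type -ne 'Workspace') { 'Skip (not a v2 workspace)' }
        elseif ($Capacity -eq 'Premium' -and -not $ws.IsOnDedicatedCapacity) { 'Skip (shared capacity)' }
        elseif ($Capacity -eq 'Shared' -and $ws.IsOnDedicatedCapacity) { 'Skip (premium capacity)' }
        elseif (-not $current) { "Add as $Role" }
        elseif ($current.AccessRight -eq $Role) { 'Skip (already has this role)' }
        elseif ($ForceUpdate) { "Update $($current.AccessRight) -> $Role" }
        else { "Skip (already $($current.AccessRight), no force update)" }

        [pscustomobject]@{
            Workspace   = $ws.Name
            CurrentRole = $current.AccessRight
            Action      = $action
        }
    }
}

# Constructed sample data (placeholder ObjectId and workspace names)
$spId = '11111111-2222-3333-4444-555555555555'
$sample = @(
    [pscustomobject]@{ Name = 'Finance'; Type = 'Workspace'; IsOnDedicatedCapacity = $true;  Users = @() }
    [pscustomobject]@{ Name = 'Sales';   Type = 'Workspace'; IsOnDedicatedCapacity = $true
                       Users = @([pscustomobject]@{ Identifier = $spId; AccessRight = 'Viewer' }) }
    [pscustomobject]@{ Name = 'Legacy';  Type = 'Group';     IsOnDedicatedCapacity = $false; Users = @() }
    [pscustomobject]@{ Name = 'Sandbox'; Type = 'Workspace'; IsOnDedicatedCapacity = $false; Users = @() }
)

Get-ServicePrincipalPlan -Workspaces $sample -ObjectId $spId -Capacity Premium -Role Member |
    Format-Table -AutoSize
```

Running the same function again after the task is finished and the Service Principal has been removed shows any workspace where a membership is still present in the `CurrentRole` column.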