Skip to content

Latest commit

 

History

History

power_bi

README.md

Power BI Connector

This connector extracts technical metadata from Power BI workspaces using Read-only Power BI admin APIs.

Setup

We recommend creating a dedicated Azure AD Application and a dedicated security group for the connector to use.

  1. Follow Step 1 of this doc to create an Azure AD app and a client secret.

    Note: Make sure to NOT add any Power BI Service permissions to the app. Doing so will lead to authentication errors when calling the APIs. See this notice for more details.

  2. (Optional) To get the sensitivity labe information. Follow the steps to ddd InformationProtectionPolicy.Read.All to the dedicated Azure AD application.

    1. Sign into the Azure portal
    2. Select Azure Active Directory, then Enterprise applications.
    3. Select the application you created
    4. Select Permissions, and Add a permission
    5. Select Microsoft Graph -> Application permissions
    6. Find InformationProtectionPolicy.Read.All and click add button below.
    7. Grant the permission you select.

  3. Follow this doc to create a security group and add the app's service principal as a member.

  4. Log into Power BI Admin Portal as a Power BI admin, enable the following settings under Admin API settings for the security group created in the previous step:

    • Allow service principals to use Power BI APIs
    • Allow service principals to use read-only Power BI admin APIs
    • Enhance admin APIs responses with detailed metadata
    • Enhance admin APIs responses with DAX and mashup expressions

For example,

  1. Add the service principal to all workspaces of interest, except "My Workspaces". Note that it may take an hour before the permission is fully propagated.

Config File

Create a YAML config file based on the following template.

Required Configurations

tenant_id: <tenant_id>  # The Power BI tenant ID

client_id: <client_id>  # The Azure Application client id

secret: <secret>  # The client secret value (not secret ID)

Optional Configurations

By default, the connector will connect all workspaces under a tenant (organization). You can explicitly configure workspaces you want to connect.

workspaces:
  - <workspace_id>  # The workspace id
  - <workspace_id>  # The workspace id

When extracting lineages, the connector parses the snowflake account directly from the DAX expression. In the rare cases when it's unable to do so, the parser will fall back to the default snowflake account specified in the config file as follows.

snowflake_account: <snowflake_account>

Output Destination

See Output Config for more information on the optional output config.

Testing

Follow the Installation instructions to install metaphor-connectors in your environment (or virtualenv). Make sure to include either all or power_bi extra.

Run the following command to test the connector locally:

metaphor power_bi <config_file>

Manually verify the output after the command finishes.