This connector extracts technical metadata from Power BI workspaces using Read-only Power BI admin APIs.
We recommend creating a dedicated Azure AD Application and a dedicated security group for the connector to use.
-
Follow Step 1 of this doc to create an Azure AD app and a client secret.
Note: Make sure to NOT add any Power BI Service permissions to the app. Doing so will lead to authentication errors when calling the APIs. See this notice for more details.
-
(Optional) To get the sensitivity labe information. Follow the steps to ddd
InformationProtectionPolicy.Read.All
to the dedicated Azure AD application.- Sign into the Azure portal
- Select Azure Active Directory, then Enterprise applications.
- Select the application you created
- Select
Permissions
, andAdd a permission
- Select
Microsoft Graph
->Application permissions
- Find
InformationProtectionPolicy.Read.All
and click add button below. - Grant the permission you select.
-
Follow this doc to create a security group and add the app's service principal as a member.
-
Log into Power BI Admin Portal as a Power BI admin, enable the following settings under Admin API settings for the security group created in the previous step:
- Allow service principals to use Power BI APIs
- Allow service principals to use read-only Power BI admin APIs
- Enhance admin APIs responses with detailed metadata
- Enhance admin APIs responses with DAX and mashup expressions
For example,
- Add the service principal to all workspaces of interest, except "My Workspaces". Note that it may take an hour before the permission is fully propagated.
Create a YAML config file based on the following template.
tenant_id: <tenant_id> # The Power BI tenant ID
client_id: <client_id> # The Azure Application client id
secret: <secret> # The client secret value (not secret ID)
By default, the connector will connect all workspaces under a tenant (organization). You can explicitly configure workspaces you want to connect.
workspaces:
- <workspace_id> # The workspace id
- <workspace_id> # The workspace id
When extracting lineages, the connector parses the snowflake account directly from the DAX expression. In the rare cases when it's unable to do so, the parser will fall back to the default snowflake account specified in the config file as follows.
snowflake_account: <snowflake_account>
See Output Config for more information on the optional output
config.
Follow the Installation instructions to install metaphor-connectors
in your environment (or virtualenv). Make sure to include either all
or power_bi
extra.
Run the following command to test the connector locally:
metaphor power_bi <config_file>
Manually verify the output after the command finishes.