|
55 | 55 | SP_OBJECT_ID=$(az ad sp show --id ${{ vars.AZURE_CLIENT_ID }} --query id -o tsv) |
56 | 56 | echo "principalId=$SP_OBJECT_ID" >> $GITHUB_ENV |
57 | 57 | echo "Service Principal Object ID: $SP_OBJECT_ID" |
| 58 | + - name: Configure Power BI API Permissions |
| 59 | + id: configure-powerbi |
| 60 | + continue-on-error: true |
| 61 | + run: | |
| 62 | + echo "Adding Power BI API permissions to service principal..." |
| 63 | + |
| 64 | + # Power BI Service App ID (well-known) |
| 65 | + POWERBI_APP_ID="00000009-0000-0000-c000-000000000000" |
| 66 | + |
| 67 | + # Get the app object ID |
| 68 | + APP_OBJECT_ID=$(az ad app show --id ${{ vars.AZURE_CLIENT_ID }} --query id -o tsv) |
| 69 | + |
| 70 | + # Add Tenant.Read.All permission (Role ID from Power BI API) |
| 71 | + az ad app permission add \ |
| 72 | + --id $APP_OBJECT_ID \ |
| 73 | + --api $POWERBI_APP_ID \ |
| 74 | + --api-permissions b2f1b2fa-f35c-407c-979c-a858a808ba85=Scope \ |
| 75 | + 2>/dev/null || echo "Permission may already exist" |
| 76 | + |
| 77 | + # Add Workspace.ReadWrite.All permission |
| 78 | + az ad app permission add \ |
| 79 | + --id $APP_OBJECT_ID \ |
| 80 | + --api $POWERBI_APP_ID \ |
| 81 | + --api-permissions 7504609f-c495-4c64-8542-686125a5a36f=Scope \ |
| 82 | + 2>/dev/null || echo "Permission may already exist" |
| 83 | + |
| 84 | + # Grant admin consent (requires admin privileges) |
| 85 | + az ad app permission admin-consent --id $APP_OBJECT_ID 2>/dev/null || \ |
| 86 | + echo "⚠️ Admin consent required. Grant manually in Azure Portal if Fabric setup fails." |
| 87 | + |
| 88 | + echo "Power BI API permissions configured" |
58 | 89 | - name: Provision Infrastructure |
59 | 90 | run: azd provision --no-prompt |
60 | 91 | env: |
|
0 commit comments