refactor: Remove Power BI API permissions configuration and access check from deployment workflow

Harmanpreet-Microsoft · Harmanpreet-Microsoft · commit beaaacf20bec · 2026-04-06T15:21:45.000+05:30
diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml
@@ -55,54 +55,9 @@ jobs:
           SP_OBJECT_ID=$(az ad sp show --id ${{ vars.AZURE_CLIENT_ID }} --query id -o tsv)
           echo "principalId=$SP_OBJECT_ID" >> $GITHUB_ENV
           echo "Service Principal Object ID: $SP_OBJECT_ID"
-      - name: Configure Power BI API Permissions
-        id: configure-powerbi
-        continue-on-error: true
-        run: |
-          echo "Adding Power BI API permissions to service principal..."
-          
-          # Power BI Service App ID (well-known)
-          POWERBI_APP_ID="00000009-0000-0000-c000-000000000000"
-          
-          # Get the app object ID
-          APP_OBJECT_ID=$(az ad app show --id ${{ vars.AZURE_CLIENT_ID }} --query id -o tsv)
-          
-          # Add Tenant.Read.All permission (Role ID from Power BI API)
-          az ad app permission add \
-            --id $APP_OBJECT_ID \
-            --api $POWERBI_APP_ID \
-            --api-permissions b2f1b2fa-f35c-407c-979c-a858a808ba85=Scope \
-            2>/dev/null || echo "Permission may already exist"
-          
-          # Add Workspace.ReadWrite.All permission
-          az ad app permission add \
-            --id $APP_OBJECT_ID \
-            --api $POWERBI_APP_ID \
-            --api-permissions 7504609f-c495-4c64-8542-686125a5a36f=Scope \
-            2>/dev/null || echo "Permission may already exist"
-          
-          # Grant admin consent (requires admin privileges)
-          az ad app permission admin-consent --id $APP_OBJECT_ID 2>/dev/null || \
-            echo "⚠️  Admin consent required. Grant manually in Azure Portal if Fabric setup fails."
-          
-          echo "Power BI API permissions configured"
-      - name: Check Power BI API Access
-        id: check-powerbi
-        continue-on-error: true
-        run: |
-          echo "Testing Power BI API access..."
-          TOKEN=$(az account get-access-token --resource https://analysis.windows.net/powerbi/api --query accessToken -o tsv 2>/dev/null)
-          if [ -n "$TOKEN" ] && [ "$TOKEN" != "null" ]; then
-            echo "powerbi_access=true" >> $GITHUB_OUTPUT
-            echo "✓ Power BI API access confirmed"
-          else
-            echo "powerbi_access=false" >> $GITHUB_OUTPUT
-            echo "⚠️  Power BI API access not available. Fabric workspace automation will be skipped."
-            echo "   To enable: Grant Power BI API permissions and admin consent to the service principal."
-          fi
       - name: Provision Infrastructure
         run: azd provision --no-prompt
         env:
            AZD_INITIAL_ENVIRONMENT_CONFIG: ${{ secrets.AZD_INITIAL_ENVIRONMENT_CONFIG }}
            principalType: 'ServicePrincipal'
-           fabricWorkspaceMode: ${{ steps.check-powerbi.outputs.powerbi_access == 'true' && 'create' || 'skip' }}
+           fabricWorkspaceMode: 'skip'
