Reporting
      Back to home
      1. Knowledge Base
      2. Connectors
      3. Reporting

      Power BI - On Cloud

      A Power BI cloud connector is a business analytics service that gives a single view of your most critical business data and supports report editing and collaboration for teams and organizations. Using OvalEdge, you can crawl the Reports, Report Columns, Dashboards, Tiles, Pages, Datasets and Dataflows existing in the Power BI Cloud and build the lineage for Report and Report Columns.

      1-Feb-11-2025-04-27-40-9254-PM

      Overview

      Connector Details

      Connector Category

      Report System

      OvalEdge Release Connector Version

      Release6.3.2

      Connectivity

      [How OvalEdge connects to Power BI Cloud ]

      Rest API

      Power BI Cloud Versions 

      Power BI Service (the cloud version) doesn't have a traditional version number like desktop software

      OvalEdge Releases Supported (Available from)

      Release3.0 Onwards

      Connector Features

      Crawling of Metadata Objects 

      Supported

      Metadata Source

      Information Schema and Power BI Commands

      For example, PBIX files contain report metadata that can be accessed using the Power BI REST API.

      • Exporting PBIX file layout: Use the REST API to export the PBIX file and extract layout information.
      • Retrieving report metadata: Use the Power BI Admin API to get report metadata details.

      Profiling

      Not Supported

      Query Sheet

      Not Supported

      Report Preview

      Supported

      Lineage 

      Supported

      Lineage Levels Supported

      Report Lineage

      Column Lineage

      Authentication via Credential Manager

      Supported

      Data Quality

      Not Supported

      DAM (Data Access Management)

      Not Supported

      Bridge

      Supported

      Crawl of Usage Statistics 

      (Source System)

      [This involves systematically collecting, analyzing, and reporting on data related to user activities, including details on which users are accessing the system, their actions, and the frequency of their access.]

      Supported

      Certifications at Source 

      (Source System)
      [This refers to endorsing metadata objects applied within the source system. These certifications are then fetched and displayed in OvalEdge, enabling more in-depth analysis.]

      Supported

      Getting Ready to Establish a Connection 

      Power BI supports two types of authentication. You can use either one 

      1. Service Principal
      2. Service User

      Service Principal

      Prerequisites 

      The following are the prerequisites required for establishing a connection:  

      1. Azure Configuration
      2. Power BI Configuration
      3. Service Principal User Account with minimum Read Permissions
      4. Configure Environment Variables (Optional)

      Azure Configuration

      1. Creating an App
        1. Sign in to the Azure portal and search for Azure AD in the Azure services text box. Under Manage, click on App registrations.
        2. Click on New registration.
        3. Provide a meaningful name for the application that will be visible to users.
        4. Choose the types of accounts that can access the application, such as Single tenant, Multi-tenant, etc.
        5. Copy the client ID and tenant ID. Next, click on Manage and select Certificates & secrets from the left side menu. Then, create a client ID and client secret.
        6. Click on Add.
        7. Copy the client's secret key, which will be used to create a connection.
      2. Creating a new Security Group
        1. Sign in to the Azure portal and search for Azure AD.
        2. Create a new security group in Azure Active Directory. If you already have a security group you want to use, skip this step.
        3. In the Manage, click on the Groups. The Groups Overview page is displayed.
        4. Click on the New Group.
        5. Select the Group Type as Security and enter the Group Name.
        6. Describe the Group by describing the Group description field and click on the Members. The Add Members page is displayed.
        7. Select the checkbox for the members associated with the Group.
        8. Click on the Select button.
        9. Add the service principal app or users to the current security group based on the requirement.

      Power BI Application Configuration

      1. Log in with Power BI Administrator Privileges
        1. Use an account with Power BI admin rights and enable the following settings.
      2. Enable Power BI Service Admin Settings
        1. Access the Power BI Admin Portal (you must be a Power BI admin to view tenant settings).
        2. Go to Admin API Settings and enable the option for service principals to use read-only Power BI admin APIs.
        3. Set the toggle to "Enabled," select the "Specific security groups" radio button, and add the appropriate security group.
        4. Navigate to Admin Portal > Tenant Settings > Developer Settings to enable these settings.
      3. Enable Embedding Content in Apps
        1. In Admin Portal > Tenant Settings > Developer Settings, select the "Entire organization" option and enable the settings under Embed Content in Apps.
      4. Allow Service Principals to Use Power BI APIs
        1. In Developer Settings > Allow service principals to use Power BI APIs, select "Specific security groups" and enable the setting.
      5. Allow Service Principals to Create and Use Profiles
        1. In Developer Settings > Allow service principals to create and use profiles, select "Specific security groups" and enable the setting.

      6. Admin API Settings for Service Principals
        1. In Admin Portal > Tenant Settings > Admin API Settings, enable the setting to allow service principals to use read-only Power BI admin APIs. Select "Specific security groups" and enable the option.

          Note: If you are using a Microsoft Fabric License, this setting's label will appear as "Allow service principals to use read-only Fabric admin APIs" instead of Power BI admin APIs.
      7. Enhance Admin API Responses
        1. In Admin API Settings > Enhance admin API responses with detailed metadata, select the "Entire organization" option and enable the setting.
        2. Similarly, enable the Enhance admin API responses with DAX and mashup expressions option for the entire organization.
      8. Download Reports
        1. In Admin Portal > Tenant Settings > Export and Sharing Settings > Download Reports, select the "Entire organization" option and click Apply to allow all users to download reports.
        2. Alternatively, if you choose the "Specific security groups" option, enter the appropriate security group, and only members of that group can download reports.
      9. Grant Access to Power BI Workspaces
        1. Create a workspace in Power BI if there is no existing workspace to crawl in OvalEdge.
        2. To access a workspace for OvalEdge crawling, search for the workspace name, click the three dots for Workspace Settings, and select Workspace Access.
        3. Add Users or Service Principals:
          1. In the Access pane, under Add admins, members, or contributors, add one of the following:
          2. Your service principal (the display name of your Microsoft Entra app as shown in the app's overview tab).
        4. A security group that includes your service principal. The minimum required permission for the service principal is Member, and the maximum is Admin.
        5. From the dropdown menu, select Member or Admin, then click Add.

      For detailed guidance, refer to:

        Service User          

        Prerequisites

        The following are the prerequisites required for establishing a connection:

        1. Azure Configuration
        2. Office 365 Configuration
        3. Power BI Configuration
        4. Service User Account with Minimum Read Permissions
        5. Configure Environment Variables (Optional)

        Azure Configuration

        1. Creating an App
          1. Sign in to the Azure portal and search for Azure AD. Under Manage, click App registrations.

          2. Click New registration.

          3. Provide a user-facing display name for the app, select supported account types, and set the Redirect URI as https://app.powerbi.com.

          4. Click Register and take note of the Directory Tenant ID and App Client ID.
        2. Enabling API Permissions in Azure
          1. In the app's settings, click API Permissions and then Request API Permissions.

          2. Select Microsoft APIs > Application Permissions and choose Tenant.Read.All. Ensure that admin consent is set to YES.

          3. Create a client secret by navigating to Certificates & secrets, clicking New Client Secret, and noting the Secret ID value.

        3. Creating a Security Group

          1. Create a security group in Azure Active Directory. Ensure the group type is set to Security.

          2. Add the service user and the registered app to this security group.

        Office 365 Configuration

        Service User Setup: Create a new service user in Office 365 or use an existing user for configuration.

        To enable Power BI Admin APIS for the created service user, you have two options:

        1. Either enable the OvalEdge service user as a Power BI Administrator role, or you can use an existing user with the Power BI Administrator role.
        2. Afterward, configure the required permissions in the Power BI Admin Portal.

        Power BI Configuration

        1. Power BI Admin Portal Configuration
          1. Log in to the Power BI Admin Portal using the service user credentials.
            Note: To view the Tenant Settings page, you must have Power BI Admin privileges.
          2. Under Admin API Settings, enable the option to allow service principals to use read-only Power BI admin APIs and add the security group created in Azure.
          3. To enable the Power BI service admin setting, navigate to Admin Portal > Tenant Settings > Developer Settings.
          4. Select the "Entire organization" option and enable the settings in the Admin Portal > Tenant Settings > Developer settings > Embed Content in apps.
          5. In Developer settings > Allow service principals to use Power BI APIs, select specific security groups, and enable the settings.
          6. In Developer settings > Allow service principals to create and use profiles, select specific security groups, and enable the settings.
          7. In the Admin Portal > Tenant Settings > Admin API settings > Allow service principals to use read-only Power BI admin, select specific security groups, and enable the settings.

             
        2. Enhanced API Responses
          1. In the Admin Portal > Tenant Settings > Admin API settings > Enable the Enhance admin API responses with detailed metadata option for the entire organization.
          2. Enable Enhance admin API responses with DAX and mashup expressions for the entire organization.
        3. Report Downloads
          1. In the Admin Portal > Tenant Settings > Export and sharing settings > Download Reports, select The entire organization option, then click Apply. All the users in the organization can download the reports.
          2. Alternatively, if you select the Specific security groups option, enter the specific security group and click Apply. Then, only people in the entered group can download the reports.
        4. Power BI Workspace Configuration
          1. Creating a Workspace
            Note            : If you have already created then you can skip this step
            1. Navigate to app.powerbi.com.
            2. The First step is to create a workspace (Premium / Non-premier ) in Power BI.
            3. Click on the Create a workspace button.
            4. Enter the workspace name.
            5. Click on the Save button in the advanced tab, select the option for Specific users and groups, and then enter the users and groups. 
            6. Once the workspace is successfully created, search the workspace name.
          2. Workspace Access
            1. Once the workspace is created, search for the workspace name, click the three dots, and select Workspace Access.
            2. In the Access pane, add the security group created in Azure with Contributor permissions. The minimum permission required for the service user is Contributor, and the maximum is Admin.

        For detailed guidance, refer to:

        Setup a Connection

        Only a user with a Connector Creator role can set up a connection in OvalEdge.
        1. Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for Power BI, and complete the specific parameters.
          Note: Fields marked with an asterisk (*) are mandatory for establishing a connection.

          Field Name

          Description

          Connector Type

          By default, "Power BI" is displayed as the selected connector type.

          Connector Settings

          Server Type*

          Select the server type as Powerbicloud.

          Authentication*

          Select the authentication type as Username & Password or Service Principal

          Credential Manager*

          Select the desired credentials manager from the dropdown list. Relevant parameters will be displayed based on your selection.

          Supported Credential Managers:

          • OE Credential Manager
          • AWS Secrets Manager
          • HashiCorp Vault
          • Azure Key Vault

          License Add Ons

          OvalEdge connectors have a default license add-on for data crawling and profiling.

          • Select the checkbox for Auto Lineage Add-On to build data lineage automatically.

          PBIX/PBIT Source*

          Choose either OneDrive or Local Drive as the source for files.

          Note: If using OneDrive, provide the OneDrive connection and folder name.

          Connector Name*

          Enter a unique name for the Power BI connection              

          (Example: "PowerBICloud").

          Connector Environment

          Select the environment (Example: PROD, STG) configured for the connector. 

          Client Id*

          A unique identifier generated during app registration in Azure AD is used to authenticate the app in Power BI.

          Client Secret*

          A confidential key is generated during app registration and used to authenticate the app securely.

          Tenant

          An organization that owns and manages the Microsoft cloud instance (e.g., organization.onmicrosoft.com).

          Tenant Id*

          A unique identifier for the Azure AD instance is used to authenticate the app within the tenant.

          Username*

          Enter the service account username set up to access the Power BI Cloud (Example: "oesauser").

          Password*

          Enter the password associated with the service account user (Example: "password").

          Files Path*

          Provide the server file path to store exported PBIX files temporarily.

          Premium Report(Y/N)

          Select the Premium Report option. When the option is Yes, the user can crawl the report's dataset, and when the premium option is selected as NO, the user can only view the report.

          Okta Enabled(Y/N)

          If Okta is enabled for the given service user, enter ‘Y’; otherwise, enter ‘N.’

          Read From NFS(Y/N)

          To retrieve reports directly from the folder without connecting to the Power BI service, enter 'Y'; otherwise, enter 'N.'

          Crawl Hidden Pages(Y/N)

          To crawl the hidden pages, enter ‘Y’; otherwise, enter 'N.'

          Plugin Open In PowerBI Apps(Y/N)

          To open the reports using Apps in Power BI, enter ‘Y’. Else enter ‘N’

          Note: Reports will open via apps if available; otherwise, they'll open through workspaces.

          Default Governance Roles

          Default Governance Roles*

          Select the appropriate users or teams for each governance role from the dropdown list. All users and teams configured in OvalEdge Security are displayed for selection.

          Admin Roles

          Admin Roles*

          Select one or more users from the dropdown list for Integration Admin and Security and Governance Admin. All users configured in OvalEdge Security are available for selection.

          No Of Archive Objects*

          It indicates the number of recent metadata changes to a dataset at the source. By default, it is off. You can enable it by toggling the Archive button and specifying the number of objects to archive.

          Example: Setting it to 4 retrieves the last 4 changes, shown in the 'version' column of the 'Metadata Changes' module.

          Bridge

          Select Bridge*

          The dropdown displays all the active and inactive bridges configured in the OvalEdge. Select the appropriate bridge that enables seamless connectivity between data sources without altering firewall rules.
        2. After entering all connection details, you can perform the following actions:
          1. Click Validate to verify the connection.
          2. Click Save to store the connection for future use.
          3. Click Save & Configure to apply additional settings before saving.
        3. The saved connection will appear on the Connectors home page.

        Connectivity Troubleshooting

        If incorrect parameters are provided, you may encounter error messages. To resolve these issues, ensure all input is correct. If problems persist, contact your assigned OvalEdge support team.

        S.No.

        Error Description

        Resolution

        1

        "Invalid username or password."

        Verify that the correct username and password are entered. Ensure the service account has the necessary permissions, and the credentials are up-to-date.

        2

        "Authentication failed for the user."

        Confirm that the service account has the correct privileges to access the repository database. Check that the account is not locked or disabled.

        Manage Connector Operations

        Configure Settings for Connector Operations

        The Power BI connector offers various settings to customize data crawling and access. These include:

        • Crawler: Configure data that needs to be extracted.
        • Access Instructions: Specify how data can be accessed as a note.
        • Business Glossary Settings: Manage term associations at the connector level.
        • Lineage: Allows users to select multiple data sources, choose server dialects to parse source code, and set connector priorities to create table lineage connections.
        • Others: Configure notification recipients for metadata changes.

        Crawl/Profile

        Integration Admin privileges are required for Crawl/Profile operations.

        Crawl and Profile operations enable you to select one or more report groups from a list of all available report groups within a specific database. This allows you to customize the selection of crawling operations according to your requirements. 

        Other Operations

        The Connectors page in OvalEdge provides a centralized view of all configured connectors, including their health status. Using the Nine Dots menu, you can view, edit, validate, build lineage, and delete connectors.

        Managing connectors includes:

        • Connectors Health: Displays performance with a green (active) or red (inactive) icon, helping monitor data flow and address issues early.
        • Viewing: Shows connector details (e.g., Databases, Tables, Table Columns, and Codes) via the View icon.

        Nine Dots Menu Options:

        • Edit Connector: Update and revalidate the data source.
        • Validate Connector: Check the connection's integrity.
        • Settings: Modify connector settings.
        • Build Lineage: Automatically build data lineage using SQL logs and source code parsing.
        • Delete Connector: Remove connectors or schemas with confirmation.

        Limitations

        S.No.

        Description

        1

        We use APIs to export PBIX files to get a report's metadata. Sometimes, the exported PBIX files are encrypted. In these cases, include the PBIT file in the path configured in the connection.

         

        Copyright © 2025, OvalEdge LLC, Peachtree Corners, GA, USA.