Power BI Lineage Scanner
Limitations
-
Power BI REST APIs do not support downloading
.pbix
files from Premium capacity workspaces due to architectural and security restrictions. As a result, lineage is not available for such files. -
Lineage information is available on column level for most objects, however there might be exceptions to this.
-
Power BI enables 500 requests per hour. See the official Microsoft documentation.
-
To obtain attribute-level lineage from Reports, certain conditions need to be met. For details, see Download a report from the Power BI service to Power BI Desktop.
-
Lineage cannot be extracted for the following objects:
-
Paginated reports
-
Power BI apps
-
-
In Power Query, nested LET statements are not supported. This list might not be exhaustive.
Supported connectivity
-
Connector type: REST API.
-
Authentication method: OAuth 2.0 Client Credentials Flow (Service Principal).
Power BI permissions
REST API permissions to access Admin - WorkspaceInfo GetScanResult
The user account used for lineage scanning must have administrator rights (such as Microsoft 365 Global Administrator or Power BI Service Administrator), or authenticate using a service principal.
When running under service principal authentication, the service principal app must not have any admin-consent required permissions for Power BI set in the Azure portal.
For more details, see the Microsoft documentation.
Access to Power BI workspaces
The user account needs to have access rights to a given workspace in Power BI.
-
To manage access for the Power BI workspace, locate the workspace you want to scan in Power BI.
-
Select Manage access and setup admin rights for the Azure Power BI scan entity.
Enable tenant settings for metadata scanning
The following tenant settings that control metadata scanning need to be configured. To do this, go to Admin portal > Tenant settings > Admin API settings.
-
Enhance admin APIs responses with detailed metadata: Turns on model caching and enhances API responses with low-level semantic model metadata (for example, name and description) for tables, columns, and measures.
-
Enhance admin APIs responses with DAX and mashup expressions: Allows the API response to include DAX expressions and Mashup queries. The setting can only be used if the first setting is also configured.
Scanner configuration
All fields marked with an asterisk (*) are mandatory.
Property | Description |
---|---|
|
Unique name for the scanner job. |
|
Specifies the source type to be scanned.
Must contain |
|
A human-readable description of the scan. |
|
List of Ataccama ONE connection names for future automatic pairing. |
|
Path to the PowerQueryParser execution file. |
|
URL of the Power BI REST API endpoint. |
|
REST endpoint for Microsoft OAauth 2.0. The URL should contain the tenant ID of your organization. |
|
Microsoft 0Auth 2.0 credentials client ID. See Client ID in Azure. |
|
Microsoft OAuth 2.0 credentials client secret. |
|
List of workspace IDs to be excluded from the scan. |
|
List of workspace IDs to be scanned. If left empty, the scanner scans everything. |
{
"scannerConfigs": [
{
"name": "Power BIJob1",
"sourceType": "POWER_BI",
"description": "Scan Power BI platform",
"oneConnections": [],
"inputDataCatalogFilePath": null,
"powerQueryParserPath": "@@ref:env:[POWERQUERY_PARSER]",
"tokenUrl": "https://login.microsoftonline.com/[tenantID]/oauth2/v2.0/token",
"apiUrl": "https://api.powerbi.com/v1.0/myorg",
"clientId": "your-client-id",
"clientSecret": "@@ref:ata:[POWER_BI_CLIENT_SECRET]",
"workspaces": [
"workspace-id1-to-include",
"workspace-id2-to-include"
]
}
]
}
Troubleshooting
PowerQuery parser can’t run on macOS
- Problem
-
When trying to run the PowerQuery parser on macOS, it cannot be opened because it cannot be checked for malicious software.
- Solution
-
This is a common issue with applications downloaded from the internet which are not recognized by Apple security protocols.
To allow the PowerQuery parser to run, you can remove the quarantine attribute using the following command:
xattr -d com.apple.quarantine parser-macos
Was this page useful?