Power BI 权限Power BI permissions

权限范围Permission scopes

Power BI 权限使应用程序能够代表用户执行某些操作。Power BI permissions give an application the ability to take certain actions on a user's behalf. 所有权限均必须经过用户批准才有效。All permissions must be approved by a user in order to be valid.

显示名称Display Name 说明Description 范围值Scope Value
查看所有数据集View all Datasets 该应用可以查看已登录用户的所有数据集以及该用户有权访问的数据集。The app can view all datasets for the signed in user and datasets that the user has access to. Dataset.Read.AllDataset.Read.All
读写所有数据集Read and Write all Datasets 该应用可以查看和写入已登录用户的所有数据集以及该用户有权访问的数据集。The app can view and write to all datasets for the signed in user and datasets that the user has access to. Dataset.ReadWrite.AllDataset.ReadWrite.All
将数据添加到用户的数据集(预览)Add data to a user's dataset (preview) 对应用授予添加或删除用户的数据集行的访问权限。Gives an app access to add or delete a user's dataset rows. 此权限不会对应用授予访问用户数据的权限。This permission does not grant the app access to the user's data. Data.Alter_AnyData.Alter_Any
创建内容(预览)Create content (preview) 应用可以自动为用户创建内容和数据集。App can automatically create content and datasets for a user. Content.CreateContent.Create
查看用户组View users Groups 该应用可以查看已登录用户所属的所有组。The app can view all groups that the signed in user belongs to. Group.ReadGroup.Read
查看所有组View all Groups 该应用可以查看已登录用户所属的所有组。The app can view all groups that the signed in user belongs to. Group.Read.AllGroup.Read.All
查看所有仪表板(预览)View all Dashboards (preview) 该应用可以查看已登录用户的所有仪表板以及该用户有权访问的仪表板。The app can view all dashboards for the signed in user and dashboards that the user has access to. Dashboard.Read.AllDashboard.Read.All
查看所有报表(预览)View all Reports (preview) 该应用可以查看已登录用户的所有报表以及该用户有权访问的报表。The app can view all reports for the signed in user and reports that the user has access to. 该应用还可以查看报表数据及其结构。The app can also see the data within the reports as well as its structure. Report.Read.AllReport.Read.All
读取和写入所有报表Read and write all Reports 该应用可以查看和写入已登录用户的所有报表以及该用户有权访问的任何报表。The app can view and write to all the reports for the signed in user and any reports that the user has access to. 这不提供创建新报表的权限。This does not provide rights to create a new report. Report.ReadWrite.AllReport.ReadWrite.All

首次尝试登录用户的页面时,应用程序可以请求权限,通过在该调用的范围参数中传入所请求的权限实现。An application can request permissions when it first attempts to log in to a user's page by passing in the requested permissions in the scope parameter of the call. 如果授予了该权限,则将向该应用返回一个访问令牌,可在将来的 API 调用上使用该令牌。If the permissions are granted, an access token will be returned to the app which can be used on future API calls. 该访问权限只能由特定应用程序使用。The access can only be used by a specific application.

备注

Power BI API 仍将应用工作区视作为组。The Power BI APIs still refer to app workspaces as groups. 对组的任何引用意味着正在使用应用工作区。Any references to groups mean that you are working with app workspaces.

请求权限Requesting Permissions

虽然你可以调用 API 通过用户名和密码进行验证,以便代表其他用户进行操作,但是他们将需要请求该用户随后批准的权限,然后将生成的访问令牌发送到所有的将来的调用。While you can call the API to authenticate with a username and password, in order to take actions on behalf of another user, they will need to request permissions that the user then approves and then send the resulting access token on all future calls. 对于此过程,我们将遵循标准 OAuth 2.0 协议。For this process, we will follow the standard OAuth 2.0 protocol. 尽管实际实现可能会有所不同,但 Power BI 的 OAuth 流具有以下元素:While the actual implementation may vary, the OAuth flow for Power BI has the following elements:

  • 登录 UI - 这是一个开发人员可以调用来请求权限的 UI。Login UI - This is a UI that the developer can evoke to request permissions. 如果用户尚未登录,它将要求该用户登录。It would require the user to log in if not already. 用户还需要批准应用程序请求的权限。The user would also need to approve the permissions that the application is requesting. 登录窗口将回发访问代码或错误消息,以重定向提供的 URL。The login window will post back either an access code or an error message to a redirect URL that is supplied.
    • 标准重定向 URL 应由 Power BI 提供,以由本机应用程序使用。A standard redirect URL should be supplied by Power BI for use by native applications.
  • 授权代码 - 通过重定向 URL 中的 URL 参数登录后,授权代码将返回到 Web 应用程序。Authorization Code - Authorization Codes are returned to web applications after login via URL parameters in the redirect URL. 由于它们是参数形式,因此存在某些安全风险。Since they are in parameters there is some security risk. Web 应用程序将必须使用授权代码交换授权令牌Web applications will have to exchange the authorization code for an Authorization Token
  • 授权令牌 - 用于代表其他用户对 API 调用进行验证。Authorization Token - Are used to authenticate API calls on another user's behalf. 它们将限制用于特定应用程序。They will be scoped to a specific application. 令牌具有已设定的生命周期,过期时,需要将其进行刷新。Tokens have a set lifespan and when they expire they will need to be refreshed.
  • 刷新令牌 - 令牌过期时,将有一个刷新它们的过程。Refresh Token - When tokens expire there will be a process of refreshing them.

更多问题?More questions? 尝试咨询 Power BI 社区Try asking the Power BI Community