Power BI permissions

Permission scopes

Power BI permissions give an application the ability to take certain actions on a user's behalf. All permissions must be approved by a user in order to be valid.

| Display Name | Description | Scope Value |
| --- | --- | --- |
| View all Datasets | The app can view all datasets for the signed-in user and datasets that the user has access to. | Dataset.Read.All |
| Read and Write all Datasets | The app can view and write to all datasets for the signed-in user and datasets that the user has access to. | Dataset.ReadWrite.All |
| Add data to a user's dataset (preview) | Gives an app access to add or delete a user's dataset rows. This permission does not grant the app access to the user's data. | Data.Alter_Any |
| Create content (preview) | The app can automatically create content and datasets for a user. | Content.Create |
| View users Groups | The app can view all groups that the signed-in user belongs to. | Group.Read |
| View all Groups | The app can view all groups that the signed-in user belongs to. | Group.Read.All |
| View all Dashboards (preview) | The app can view all dashboards for the signed-in user and dashboards that the user has access to. | Dashboard.Read.All |
| View all Reports (preview) | The app can view all reports for the signed-in user and reports that the user has access to. The app can also see the data within the reports as well as its structure. | Report.Read.All |
| Read and write all Reports | The app can view and write to all the reports for the signed-in user and any reports that the user has access to. This does not provide rights to create a new report. | Report.ReadWrite.All |

An application can request permissions when it first attempts to log in to a user's page by passing the requested permissions in the scope parameter of the call. If the permissions are granted, an access token is returned to the app, which can be used on future API calls. The access can only be used by a specific application.


The Power BI APIs still refer to app workspaces as groups. Any references to groups mean that you are working with app workspaces.

Requesting Permissions

While you can call the API to authenticate with a username and password, an application that takes actions on behalf of another user must request permissions that the user then approves, and then send the resulting access token on all future calls. This process follows the standard OAuth 2.0 protocol. While the actual implementation may vary, the OAuth flow for Power BI has the following elements:

  • Login UI - This is a UI that the developer can invoke to request permissions. It requires the user to log in if not already logged in. The user also needs to approve the permissions that the application is requesting. The login window posts back either an access code or an error message to a redirect URL that is supplied.
    • A standard redirect URL should be supplied by Power BI for use by native applications.
  • Authorization Code - Authorization codes are returned to web applications after login via URL parameters in the redirect URL. Because they are carried in URL parameters, there is some security risk. Web applications have to exchange the authorization code for an authorization token.
  • Authorization Token - Authorization tokens are used to authenticate API calls on another user's behalf. They are scoped to a specific application. Tokens have a set lifespan, and when they expire they need to be refreshed.
  • Refresh Token - When tokens expire, there is a process for refreshing them.
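
The request and redirect steps above, as an added example that is not from the original page or from Microsoft's code: it builds the login request with the scope parameter limited to scope values from the table, then validates the redirect before accepting the authorization code. The endpoint, client ID and redirect URL are placeholders, and the `state` parameter and space-delimited scope list are assumed from standard OAuth 2.0 (RFC 6749), since the page does not describe them.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Scope values copied from the table on this page.
KNOWN_SCOPES = {
    "Dataset.Read.All", "Dataset.ReadWrite.All", "Data.Alter_Any",
    "Content.Create", "Group.Read", "Group.Read.All",
    "Dashboard.Read.All", "Report.Read.All", "Report.ReadWrite.All",
}

# Placeholders (assumptions): the page names no endpoint, client ID or redirect URL.
AUTHORIZE_URL = "https://login.example.invalid/oauth2/authorize"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.invalid/callback"


def build_authorization_url(scopes, state=None):
    """Return (url, state) for the login UI request, with the scope parameter set."""
    unknown = set(scopes) - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scope(s): {sorted(unknown)}")
    state = state or secrets.token_urlsafe(32)  # unguessable, tied to this login attempt
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(sorted(scopes)),  # RFC 6749: space-delimited scope list
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect and return the authorization code, or raise."""
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect URL")
    params = parse_qs(parsed.query)
    # Check state first, in constant time, so a forged redirect is rejected early.
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this login attempt")
    if "error" in params:
        raise PermissionError(params["error"][0])  # e.g. the user declined the request
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```

Store the returned `state` in the user's server-side session and pass it to `parse_callback` when the redirect arrives; the code it returns is then exchanged for a token over a back-channel request.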
