There is a new blog post from the Microsoft Fabric team talking about the support for using a Service Principal with a Warehouse.

Reference: Service principal support for Fabric Data Warehouse | Microsoft Fabric Blog | Microsoft Fabric

In this blog post I am going to show you how to create a Microsoft Fabric Warehouse, where the owner will be the Service Principal.

As mentioned in the blog post here are some of the advantages of having the Service Principal as the Warehouse Owner.

  • Using a Service Principal to create the warehouse avoids issue where the person who created the warehouse leaves the organization and issues arise when the users account is deleted from Entra ID.
  • You avoid the painful logging in with the user account to ensure the password remains updated.
  • The organization now owns the warehouse and not an individual user.

I will show you how I created a Warehouse with the owner being a Service Principal this using a Microsoft Fabric Notebook

Notebook Code explanation

Below is the code that I used.

The first piece of code below is where I am getting the Current App Workspace ID

A screen shot of a computer code Description automatically generated

In the section below is where I am getting my Service Principal account details from the Azure Key Vault

I have blogged about this before, and you can find the link here: Using Sempy to Authenticate to Fabric/Power BI APIs using Service Principal and Azure Key Vault – FourMoo | Fabric | Power BI

The final piece of code is where I am creating the Warehouse.

NOTE: In my example I am also creating a case in-sensitive warehouse.

Here is the API Reference for creating the Warehouse: Items – Create Warehouse – REST API (Warehouse) | Microsoft Learn

I could see the successful response in the notebook.

A screenshot of a computer Description automatically generated

Once the notebook was completed, I then went and had a look and I could see my warehouse had been created and the owner is the Service Principal.

A close up of a white background Description automatically generated

Summary

I have shown in this blog post how you can create a warehouse using a service principle.

If there are any questions or comments, please leave them in the section below.

And finally, if you want the complete code please find it below.

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
# Load mssparkutils
import notebookutils
# Get the current workspace ID
workspace_id = notebookutils.runtime.context.get("currentWorkspaceId")
# print(f'Workspace ID: {workspace_id}')
#########################################################################################
# Read secretes from Azure Key Vault
#########################################################################################
## This is the name of my Azure Key Vault
key_vault = "https://domain.vault.azure.net/"
## I have stored my tenant id as one of the secrets to make it easier to use when needed
tenant = mssparkutils.credentials.getSecret(key_vault , "tenantid")
## This is my application Id for my service principal account
client = mssparkutils.credentials.getSecret(key_vault , "pbi-sp-applicationid")
## This is my Client Secret for my service principal account
client_secret = mssparkutils.credentials.getSecret(key_vault , "powerbi-sp-clientsecret")
#########################################################################################
# Authentication - Replace string variables with your relevant values
#########################################################################################
import json, requests, pandas as pd
import datetime
try:
from azure.identity import ClientSecretCredential
except Exception:
!pip install azure.identity
from azure.identity import ClientSecretCredential
# Generates the access token for the Service Principal
api = 'https://analysis.windows.net/powerbi/api/.default'
auth = ClientSecretCredential(authority = 'https://login.microsoftonline.com/',
tenant_id = tenant,
client_id = client,
client_secret = client_secret)
access_token = auth.get_token(api)
access_token = access_token.token
## This is where I store my header with the Access Token, because this is required when authenticating
## to the Power BI Admin APIs
header = {'Authorization': f'Bearer {access_token}'}
print('\nSuccessfully authenticated.')
# Create Case Insensitive Warehouse
import pandas as pd
import requests
# API to Create Warehouse
api_url = f"https://api.fabric.microsoft.com/v1/workspaces/{workspace_id}/items"
display(api_url)
# JSON Payload to Post to create the Case Insensitive Collation
payload = {
"type": "warehouse",
"displayName": "WH_Service_Principal",
"description": "New Lakehouse Service Principal case-insensitive collation",
"creationPayload": {
"defaultCollation": "Latin1_General_100_CI_AS_KS_WS_SC_UTF8"
}
}
headers = {
'Authorization': f'Bearer {access_token}',
'Content-Type': 'application/json'
}
# Checking the Payload Looks Good
display(payload)
# Post the API Response to create the Warehouse
response = requests.post(api_url, headers=headers, json=payload)
# Load mssparkutils import notebookutils # Get the current workspace ID workspace_id = notebookutils.runtime.context.get("currentWorkspaceId") # print(f'Workspace ID: {workspace_id}') ######################################################################################### # Read secretes from Azure Key Vault ######################################################################################### ## This is the name of my Azure Key Vault key_vault = "https://domain.vault.azure.net/" ## I have stored my tenant id as one of the secrets to make it easier to use when needed tenant = mssparkutils.credentials.getSecret(key_vault , "tenantid") ## This is my application Id for my service principal account client = mssparkutils.credentials.getSecret(key_vault , "pbi-sp-applicationid") ## This is my Client Secret for my service principal account client_secret = mssparkutils.credentials.getSecret(key_vault , "powerbi-sp-clientsecret") ######################################################################################### # Authentication - Replace string variables with your relevant values ######################################################################################### import json, requests, pandas as pd import datetime try: from azure.identity import ClientSecretCredential except Exception: !pip install azure.identity from azure.identity import ClientSecretCredential # Generates the access token for the Service Principal api = 'https://analysis.windows.net/powerbi/api/.default' auth = ClientSecretCredential(authority = 'https://login.microsoftonline.com/', tenant_id = tenant, client_id = client, client_secret = client_secret) access_token = auth.get_token(api) access_token = access_token.token ## This is where I store my header with the Access Token, because this is required when authenticating ## to the Power BI Admin APIs header = {'Authorization': f'Bearer {access_token}'} print('\nSuccessfully authenticated.') # Create Case Insensitive Warehouse import pandas as pd import requests # API to Create Warehouse api_url = f"https://api.fabric.microsoft.com/v1/workspaces/{workspace_id}/items" display(api_url) # JSON Payload to Post to create the Case Insensitive Collation payload = { "type": "warehouse", "displayName": "WH_Service_Principal", "description": "New Lakehouse Service Principal case-insensitive collation", "creationPayload": { "defaultCollation": "Latin1_General_100_CI_AS_KS_WS_SC_UTF8" } } headers = { 'Authorization': f'Bearer {access_token}', 'Content-Type': 'application/json' } # Checking the Payload Looks Good display(payload) # Post the API Response to create the Warehouse response = requests.post(api_url, headers=headers, json=payload)
# Load mssparkutils
import notebookutils

# Get the current workspace ID
workspace_id = notebookutils.runtime.context.get("currentWorkspaceId")
# print(f'Workspace ID: {workspace_id}')

######################################################################################### 
# Read secretes from Azure Key Vault
#########################################################################################
## This is the name of my Azure Key Vault 
key_vault = "https://domain.vault.azure.net/"
## I have stored my tenant id as one of the secrets to make it easier to use when needed 
tenant = mssparkutils.credentials.getSecret(key_vault , "tenantid") 
## This is my application Id for my service principal account 
client = mssparkutils.credentials.getSecret(key_vault , "pbi-sp-applicationid") 
## This is my Client Secret for my service principal account 
client_secret = mssparkutils.credentials.getSecret(key_vault , "powerbi-sp-clientsecret")  

######################################################################################### 
# Authentication - Replace string variables with your relevant values 
#########################################################################################  

import json, requests, pandas as pd 
import datetime  

try: 
    from azure.identity import ClientSecretCredential 
except Exception:
     !pip install azure.identity 
     from azure.identity import ClientSecretCredential 

# Generates the access token for the Service Principal 
api = 'https://analysis.windows.net/powerbi/api/.default' 
auth = ClientSecretCredential(authority = 'https://login.microsoftonline.com/', 
               tenant_id = tenant, 
               client_id = client, 
               client_secret = client_secret) 
access_token = auth.get_token(api)
access_token = access_token.token 

## This is where I store my header with the Access Token, because this is required when authenticating 
## to the Power BI Admin APIs 
header = {'Authorization': f'Bearer {access_token}'}  

print('\nSuccessfully authenticated.')

# Create Case Insensitive Warehouse
import pandas as pd
import requests

# API to Create Warehouse
api_url = f"https://api.fabric.microsoft.com/v1/workspaces/{workspace_id}/items"

display(api_url)

# JSON Payload to Post to create the Case Insensitive Collation
payload = { 
  "type": "warehouse", 
  "displayName": "WH_Service_Principal", 
  "description": "New Lakehouse Service Principal case-insensitive collation", 
  "creationPayload": { 
    "defaultCollation": "Latin1_General_100_CI_AS_KS_WS_SC_UTF8" 
  } 
}

headers = {
    'Authorization': f'Bearer {access_token}',
    'Content-Type': 'application/json'
}

# Checking the Payload Looks Good
display(payload)

# Post the API Response to create the Warehouse
response = requests.post(api_url, headers=headers, json=payload)