There is a new blog post from the Microsoft Fabric team talking about the support for using a Service Principal with a Warehouse.
Reference: Service principal support for Fabric Data Warehouse | Microsoft Fabric Blog | Microsoft Fabric
In this blog post I am going to show you how to create a Microsoft Fabric Warehouse, where the owner will be the Service Principal.
As mentioned in the blog post here are some of the advantages of having the Service Principal as the Warehouse Owner.
- Using a Service Principal to create the warehouse avoids issue where the person who created the warehouse leaves the organization and issues arise when the users account is deleted from Entra ID.
- You avoid the painful logging in with the user account to ensure the password remains updated.
- The organization now owns the warehouse and not an individual user.
I will show you how I created a Warehouse with the owner being a Service Principal this using a Microsoft Fabric Notebook
Notebook Code explanation
Below is the code that I used.
The first piece of code below is where I am getting the Current App Workspace ID

In the section below is where I am getting my Service Principal account details from the Azure Key Vault
I have blogged about this before, and you can find the link here: Using Sempy to Authenticate to Fabric/Power BI APIs using Service Principal and Azure Key Vault – FourMoo | Fabric | Power BI

The final piece of code is where I am creating the Warehouse.
NOTE: In my example I am also creating a case in-sensitive warehouse.

Here is the API Reference for creating the Warehouse: Items – Create Warehouse – REST API (Warehouse) | Microsoft Learn
I could see the successful response in the notebook.

Once the notebook was completed, I then went and had a look and I could see my warehouse had been created and the owner is the Service Principal.

Summary
I have shown in this blog post how you can create a warehouse using a service principle.
If there are any questions or comments, please leave them in the section below.
And finally, if you want the complete code please find it below.
# Get the current workspace ID
workspace_id = notebookutils.runtime.context.get("currentWorkspaceId")
# print(f'Workspace ID: {workspace_id}')
#########################################################################################
# Read secretes from Azure Key Vault
#########################################################################################
## This is the name of my Azure Key Vault
key_vault = "https://domain.vault.azure.net/"
## I have stored my tenant id as one of the secrets to make it easier to use when needed
tenant = mssparkutils.credentials.getSecret(key_vault , "tenantid")
## This is my application Id for my service principal account
client = mssparkutils.credentials.getSecret(key_vault , "pbi-sp-applicationid")
## This is my Client Secret for my service principal account
client_secret = mssparkutils.credentials.getSecret(key_vault , "powerbi-sp-clientsecret")
#########################################################################################
# Authentication - Replace string variables with your relevant values
#########################################################################################
import json, requests, pandas as pd
from azure.identity import ClientSecretCredential
!pip install azure.identity
from azure.identity import ClientSecretCredential
# Generates the access token for the Service Principal
api = 'https://analysis.windows.net/powerbi/api/.default'
auth = ClientSecretCredential(authority = 'https://login.microsoftonline.com/',
client_secret = client_secret)
access_token = auth.get_token(api)
access_token = access_token.token
## This is where I store my header with the Access Token, because this is required when authenticating
## to the Power BI Admin APIs
header = {'Authorization': f'Bearer {access_token}'}
print('\nSuccessfully authenticated.')
# Create Case Insensitive Warehouse
# API to Create Warehouse
api_url = f"https://api.fabric.microsoft.com/v1/workspaces/{workspace_id}/items"
# JSON Payload to Post to create the Case Insensitive Collation
"displayName": "WH_Service_Principal",
"description": "New Lakehouse Service Principal case-insensitive collation",
"defaultCollation": "Latin1_General_100_CI_AS_KS_WS_SC_UTF8"
'Authorization': f'Bearer {access_token}',
'Content-Type': 'application/json'
# Checking the Payload Looks Good
# Post the API Response to create the Warehouse
response = requests.post(api_url, headers=headers, json=payload)
# Load mssparkutils
import notebookutils
# Get the current workspace ID
workspace_id = notebookutils.runtime.context.get("currentWorkspaceId")
# print(f'Workspace ID: {workspace_id}')
#########################################################################################
# Read secretes from Azure Key Vault
#########################################################################################
## This is the name of my Azure Key Vault
key_vault = "https://domain.vault.azure.net/"
## I have stored my tenant id as one of the secrets to make it easier to use when needed
tenant = mssparkutils.credentials.getSecret(key_vault , "tenantid")
## This is my application Id for my service principal account
client = mssparkutils.credentials.getSecret(key_vault , "pbi-sp-applicationid")
## This is my Client Secret for my service principal account
client_secret = mssparkutils.credentials.getSecret(key_vault , "powerbi-sp-clientsecret")
#########################################################################################
# Authentication - Replace string variables with your relevant values
#########################################################################################
import json, requests, pandas as pd
import datetime
try:
from azure.identity import ClientSecretCredential
except Exception:
!pip install azure.identity
from azure.identity import ClientSecretCredential
# Generates the access token for the Service Principal
api = 'https://analysis.windows.net/powerbi/api/.default'
auth = ClientSecretCredential(authority = 'https://login.microsoftonline.com/',
tenant_id = tenant,
client_id = client,
client_secret = client_secret)
access_token = auth.get_token(api)
access_token = access_token.token
## This is where I store my header with the Access Token, because this is required when authenticating
## to the Power BI Admin APIs
header = {'Authorization': f'Bearer {access_token}'}
print('\nSuccessfully authenticated.')
# Create Case Insensitive Warehouse
import pandas as pd
import requests
# API to Create Warehouse
api_url = f"https://api.fabric.microsoft.com/v1/workspaces/{workspace_id}/items"
display(api_url)
# JSON Payload to Post to create the Case Insensitive Collation
payload = {
"type": "warehouse",
"displayName": "WH_Service_Principal",
"description": "New Lakehouse Service Principal case-insensitive collation",
"creationPayload": {
"defaultCollation": "Latin1_General_100_CI_AS_KS_WS_SC_UTF8"
}
}
headers = {
'Authorization': f'Bearer {access_token}',
'Content-Type': 'application/json'
}
# Checking the Payload Looks Good
display(payload)
# Post the API Response to create the Warehouse
response = requests.post(api_url, headers=headers, json=payload)
# Load mssparkutils
import notebookutils
# Get the current workspace ID
workspace_id = notebookutils.runtime.context.get("currentWorkspaceId")
# print(f'Workspace ID: {workspace_id}')
#########################################################################################
# Read secretes from Azure Key Vault
#########################################################################################
## This is the name of my Azure Key Vault
key_vault = "https://domain.vault.azure.net/"
## I have stored my tenant id as one of the secrets to make it easier to use when needed
tenant = mssparkutils.credentials.getSecret(key_vault , "tenantid")
## This is my application Id for my service principal account
client = mssparkutils.credentials.getSecret(key_vault , "pbi-sp-applicationid")
## This is my Client Secret for my service principal account
client_secret = mssparkutils.credentials.getSecret(key_vault , "powerbi-sp-clientsecret")
#########################################################################################
# Authentication - Replace string variables with your relevant values
#########################################################################################
import json, requests, pandas as pd
import datetime
try:
from azure.identity import ClientSecretCredential
except Exception:
!pip install azure.identity
from azure.identity import ClientSecretCredential
# Generates the access token for the Service Principal
api = 'https://analysis.windows.net/powerbi/api/.default'
auth = ClientSecretCredential(authority = 'https://login.microsoftonline.com/',
tenant_id = tenant,
client_id = client,
client_secret = client_secret)
access_token = auth.get_token(api)
access_token = access_token.token
## This is where I store my header with the Access Token, because this is required when authenticating
## to the Power BI Admin APIs
header = {'Authorization': f'Bearer {access_token}'}
print('\nSuccessfully authenticated.')
# Create Case Insensitive Warehouse
import pandas as pd
import requests
# API to Create Warehouse
api_url = f"https://api.fabric.microsoft.com/v1/workspaces/{workspace_id}/items"
display(api_url)
# JSON Payload to Post to create the Case Insensitive Collation
payload = {
"type": "warehouse",
"displayName": "WH_Service_Principal",
"description": "New Lakehouse Service Principal case-insensitive collation",
"creationPayload": {
"defaultCollation": "Latin1_General_100_CI_AS_KS_WS_SC_UTF8"
}
}
headers = {
'Authorization': f'Bearer {access_token}',
'Content-Type': 'application/json'
}
# Checking the Payload Looks Good
display(payload)
# Post the API Response to create the Warehouse
response = requests.post(api_url, headers=headers, json=payload)
Related
[…] Gilbert Quevauvilliers sets up a new warehouse: […]