我正在尝试使用 rest api 刷新 Azure Analysys 表(https://docs.microsoft.com/en-us/azure/analysis-services/analysis-services-async-refresh) 和 python。我创建了一个具有服务器管理员角色的用户和一个具有所有者角色的 Azure 广告应用程序,但 rest api 似乎拒绝了访问令牌。我该如何分配必要的权限或我做错了什么。我试图访问 Analysis Services,例如:
import adal
tenant_id = '...'
authentication_endpoint = f'https://login.windows.net/{tenant_id}'
resource = 'https://westeurope.asazure.windows.net/'
client_id = '...'
client_secret = '...'
# get an Azure access token using the adal library
context = adal.AuthenticationContext(authentication_endpoint)
token_response = context.acquire_token_with_client_credentials(resource, client_id, client_secret)
access_token = token_response.get('accessToken')
print(access_token)
#####################################################
import json
import requests
location = 'westeurope'
server_name = '...'
model = '...'
url = f'https://{location}.asazure.windows.net/servers/{server_name}/models/{model}/refreshes'
table = '...'
objects = [ dict(table=table) ]
data = dict(
type = 'Full',
# CommitMode = 'transactional',
# MaxParallelism = 2,
RetryCount = 2,
Objects = objects,
)
headers = {
'Content-Type': 'application/json',
'Authorization': f'Bearer {access_token}',
}
response = requests.post(url=url, headers=headers, data = json.dumps(data))
print(response.text)
print(response.status_code)
响应如下:
{"code":"Unauthorized","subCode":0,"message":"An internal error occurred.","timeStamp":"...","httpStatusCode":400,"details":[{"code":"RootActivityId","message":"..."},{"code":"Param1","message":"asazure://asazureweu3-westeurope.asazure.windows.net/..."}]}
400
答案1
要调用refreshesAPI,服务主体必须在 SSAS 中具有管理员权限。这不是通过 Azure 门户实现的,而是通过 SQL Server Management Studio 实现的,如上所述这里。
创建服务主体后,可以使用以下语法在 Azure Analysis Services 服务器或模型角色中为其应用程序 ID 分配权限。下面的示例将服务主体添加到 SSMS 中的服务器管理员组。
app:<app guid>@<tenant guid>
