Add-DataGatewayClusterUser

Add user and associated permissions to cluster

Syntax

Add-DataGatewayClusterUser
   [-Scope <PowerBIUserScope>]
   -GatewayClusterId <Guid>
   -PrincipalObjectId <Guid>
   [-AllowedDataSourceTypes <DatasourceType[]>]
   -Role <GatewayPrincipalRole>
   [-RegionKey <String>]
   [<CommonParameters>]

Description

Add user and associated permissions to cluster

Examples

Example 1

PS C:\> $userToAdd = $(Get-AzADUser -ObjectId "[email protected]").Id
PS C:\> $dsTypes = New-Object 'System.Collections.Generic.List[Microsoft.PowerBI.ServiceContracts.Api.DatasourceType]'
PS C:\> $dsTypes.Add([Microsoft.DataMovement.Powershell.GatewayClient.Gateways.Entities.DataSourceType]::Sql)
PS C:\> Add-DataGatewayClusterUser -GatewayClusterId DC8F2C49-5731-4B27-966B-3DB5094C2E77 -PrincipalObjectId $userToAdd -AllowedDataSourceTypes $dsTypes -Role ConnectionCreatorWithReshare

This example adds the user "[email protected]" in the role of ConnectionCreatorWithReshare to the gateway cluster for SQL datasource types.

Example 2

PS C:\> $userToAdd = $(Get-AzADUser -ObjectId "[email protected]").Id
PS C:\> Add-DataGatewayClusterUser -GatewayClusterId DC8F2C49-5731-4B27-966B-3DB5094C2E77 -PrincipalObjectId $userToAdd -AllowedDataSourceTypes $null -Role Admin

This example adds the user "[email protected]" in the role of Admin to the gateway cluster for all datasource types. Note, the AllowedDataSourceTypes must be null when the role is admin (implying all datasource types are allowed).

Example 3

PS C:\> $userToAdd = $(Get-AzADUser -ObjectId "[email protected]").Id
PS C:\> Add-DataGatewayClusterUser -GatewayClusterId DC8F2C49-5731-4B27-966B-3DB5094C2E77 -PrincipalObjectId $userToAdd -AllowedDataSourceTypes $null -Role Admin -RegionKey brazilsouth

This example adds the user "[email protected]" in the role of Admin to the gateway cluster for all datasource types. Note, the AllowedDataSourceTypes must be null when the role is admin (implying all datasource types are allowed). This command is run in the Brazil south region, so the gateway cluster ID provided should be in that region.

Example 4

PS C:\> $userToAdd = $(Get-AzADServicePrincipal -ApplicationId DC8F2C49-9087-4B27-966B-3DB5094C2E77).Id
PS C:\> Add-DataGatewayClusterUser -GatewayClusterId DC8F2C49-5731-4B27-966B-3DB5094C2E77 -PrincipalObjectId $userToAdd -AllowedDataSourceTypes $null -Role Admin -RegionKey brazilsouth

This example adds the the service principal for application id DC8F2C49-9087-4B27-966B-3DB5094C2E77 in the role of Admin to the gateway cluster for all datasource types. For more information, see Get-AzADServicePrincipal. Note that the AllowedDataSourceTypes must be null when the role is admin (implying all datasource types are allowed). This command is run in the Brazil south region, so the gateway cluster ID provided should be in that region.

Parameters

-AllowedDataSourceTypes

Datasource types that are allowed for this user/role combination. This must be null if the role is admin(implying all datasource types are allowed). The list of data source type may change based on supported data sources. Note: This parameter applies only for PowerApps and Flow.

Type:DatasourceType[]
Accepted values:Sql, AnalysisServices, SAPHana, File, Folder, Oracle, Teradata, SharePointList, Web, OData, DB2, MySql, PostgreSql, Sybase, Extension, SAPBW, AzureTables, AzureBlobs, Informix, ODBC, Excel, SharePoint, PubNub, MQ, BizTalk, GoogleAnalytics, CustomHttpApi, Exchange, Facebook, HDInsight, AzureMarketplace, ActiveDirectory, Hdfs, SharePointDocLib, PowerQueryMashup, OleDb, AdoDotNet, R, LOB, Salesforce, CustomConnector, SAPBWMessageServer, AdobeAnalytics, Essbase, AzureDataLakeStorage, SapErp, UIFlow, CDPA, EventHub, Unknown
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-GatewayClusterId

Gateway cluster to which the user should be added

Type:Guid
Aliases:Cluster, Id
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-PrincipalObjectId

Azure Active Directory (AAD) principal object ID (i.e. user ID) to add to the gateway cluster

Type:Guid
Aliases:User
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-RegionKey

The Azure region associated with the specified gateway cluster. Not providing a -RegionKey will run the command in the default region for your tenant. To get the list of available region parameters run the Get-DataGatewayRegion command

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Role

Role to apply to this user on the cluster. Users can be added as admins, connection creators(Can Use) or Connection Creators with sharing(Can use + Share) capability. Connection creators(Can Use) and Connection Creators with sharing(Can use + Share) capability apply only for PowerApps and Flow.

Type:GatewayPrincipalRole
Accepted values:Admin, ConnectionCreator, ConnectionCreatorWithReshare
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Scope

Security Scope to run the command. This would determine if you are running this command in the scope of a Tenant/Service admin or a Gateway Admin

Type:PowerBIUserScope
Accepted values:Individual, Organization
Position:Named
Default value:Individual
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

System.Void