Items - List Item Access Details
Note
This API is in preview.
Returns a list of users (including groups and service principals) and lists their workspace roles.
Permissions
The caller must be a Fabric administrator or authenticate using a service principal.
Required Delegated Scopes
Tenant.Read.All or Tenant.ReadWrite.All
Limitations
Maximum 200 requests per hour.
Microsoft Entra supported identities
This API supports the Microsoft identities listed in this section.
Identity | Support |
---|---|
User | Yes |
Service principal and Managed identities | Yes |
Interface
GET https://api.fabric.microsoft.com/v1/admin/workspaces/{workspaceId}/items/{itemId}/users
GET https://api.fabric.microsoft.com/v1/admin/workspaces/{workspaceId}/items/{itemId}/users?type={type}
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
item
|
path | True |
string uuid |
The item ID. |
workspace
|
path | True |
string uuid |
The workspace ID. |
type
|
query |
string |
The type of the item. When querying for the following types, this parameter is required:
|
Responses
Name | Type | Description |
---|---|---|
200 OK |
The operation was successful. |
|
Other Status Codes |
Common error codes:
|
Examples
List of users for given item ID and type example |
List of users for given item ID example |
List of users for given item ID and type example
Sample request
GET https://api.fabric.microsoft.com/v1/admin/workspaces/7f4496db-9929-47bd-89c0-d7eb2f517a98/items/f089354e-8366-4e18-aea3-4cb4a3a50b48/users?type=Report
Sample response
{
"accessDetails": [
{
"principal": {
"id": "f3052d1c-61a9-46fb-8df9-0d78916ae041",
"displayName": "Jacob Hancock",
"type": "User",
"userDetails": {
"userPrincipalName": "jacob@example.com"
}
},
"itemAccessDetails": {
"type": "Report",
"permissions": [
"Read",
"Reshare"
],
"additionalPermissions": [
"ReadAll"
]
}
}
]
}
List of users for given item ID example
Sample request
GET https://api.fabric.microsoft.com/v1/admin/workspaces/7f4496db-9929-47bd-89c0-d7eb2f517a98/items/f089354e-8366-4e18-aea3-4cb4a3a50b48/users
Sample response
{
"accessDetails": [
{
"principal": {
"id": "f3052d1c-61a9-46fb-8df9-0d78916ae041",
"displayName": "Jacob Hancock",
"type": "User",
"userDetails": {
"userPrincipalName": "jacob@example.com"
}
},
"itemAccessDetails": {
"type": "Notebook",
"permissions": [
"Read",
"Reshare"
],
"additionalPermissions": [
"ReadAll",
"viewOutput"
]
}
},
{
"principal": {
"id": "c7db8e03-c8cb-4d4c-9f64-1dcd327c9d3c",
"displayName": "Eric Solomon",
"type": "User",
"userDetails": {
"userPrincipalName": "eric@example.com"
}
},
"itemAccessDetails": {
"type": "Notebook",
"permissions": [
"Read",
"Reshare",
"Explore"
],
"additionalPermissions": [
"ReadAll"
]
}
},
{
"principal": {
"id": "f51b705f-a409-4d40-9197-c5d5f349e2f0",
"displayName": "TestSecurityGroup",
"type": "Group",
"groupDetails": {
"groupType": "SecurityGroup"
}
},
"itemAccessDetails": {
"type": "Notebook",
"permissions": [
"Read",
"Reshare"
],
"additionalPermissions": []
}
}
]
}
Definitions
Name | Description |
---|---|
Error |
The error related resource details object. |
Error |
The error response. |
Error |
The error response details. |
Group |
Group specific details. Applicable when the principal type is |
Group |
The type of the group. Additional group types may be added over time. |
Item |
Item permission details such as read and reshare. |
Item |
User access details for an item. |
Item |
A list of users with access to a given entity. |
Item |
Item permissions. Additional item permissions may be added over time. |
Item |
The type of the item. Additional item types may be added over time. |
Principal |
Represents an identity or a Microsoft Entra group. |
Principal |
The type of the principal. Additional principal types may be added over time. |
Service |
Service principal specific details. Applicable when the principal type is |
Service |
Service principal profile details. Applicable when the principal type is |
User |
User principal specific details. Applicable when the principal type is |
ErrorRelatedResource
The error related resource details object.
Name | Type | Description |
---|---|---|
resourceId |
string |
The resource ID that's involved in the error. |
resourceType |
string |
The type of the resource that's involved in the error. |
ErrorResponse
The error response.
Name | Type | Description |
---|---|---|
errorCode |
string |
A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users. |
message |
string |
A human readable representation of the error. |
moreDetails |
List of additional error details. |
|
relatedResource |
The error related resource details. |
|
requestId |
string |
ID of the request associated with the error. |
ErrorResponseDetails
The error response details.
Name | Type | Description |
---|---|---|
errorCode |
string |
A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users. |
message |
string |
A human readable representation of the error. |
relatedResource |
The error related resource details. |
GroupDetails
Group specific details. Applicable when the principal type is Group
.
Name | Type | Description |
---|---|---|
groupType |
The type of the group. Additional group types may be added over time. |
GroupType
The type of the group. Additional group types may be added over time.
Name | Type | Description |
---|---|---|
DistributionList |
string |
Principal is a distribution list. |
SecurityGroup |
string |
Principal is a security group. |
Unknown |
string |
Principal group type is unknown. |
ItemAccessDetail
Item permission details such as read and reshare.
Name | Type | Description |
---|---|---|
additionalPermissions |
string[] |
Workload permissions such as readAll and viewOutput. |
permissions |
Item permissions such as read and reshare. |
|
type |
Entity type. |
ItemAccessDetails
User access details for an item.
Name | Type | Description |
---|---|---|
itemAccessDetails |
Item permissions for the user. |
|
principal |
Information regarding the user who has access to the entity. |
ItemAccessDetailsResponse
A list of users with access to a given entity.
Name | Type | Description |
---|---|---|
accessDetails |
A list of users with access to an entity. |
ItemPermissions
Item permissions. Additional item permissions may be added over time.
Name | Type | Description |
---|---|---|
Execute |
string |
User can execute and cancel item jobs. |
Explore |
string |
User can build items on other items. |
Read |
string |
User can read the metadata about an item. |
Reshare |
string |
User can share an item with other users. |
Write |
string |
User can perform write operations on an item. |
ItemType
The type of the item. Additional item types may be added over time.
Name | Type | Description |
---|---|---|
Dashboard |
string |
PowerBI dashboard. |
DataPipeline |
string |
A data pipeline. |
Datamart |
string |
PowerBI datamart. |
Environment |
string |
An environment. |
Eventhouse |
string |
An eventhouse. |
Eventstream |
string |
An eventstream. |
KQLDashboard |
string |
A KQL dashboard. |
KQLDatabase |
string |
A KQL database. |
KQLQueryset |
string |
A KQL queryset. |
Lakehouse |
string |
A lakehouse. |
MLExperiment |
string |
A machine learning experiment. |
MLModel |
string |
A machine learning model. |
MirroredDatabase |
string |
A mirrored database. |
MirroredWarehouse |
string |
A mirrored warehouse. |
Notebook |
string |
A notebook. |
PaginatedReport |
string |
PowerBI paginated report. |
Reflex |
string |
A Reflex. |
Report |
string |
PowerBI report. |
SQLEndpoint |
string |
An SQL endpoint. |
SemanticModel |
string |
PowerBI semantic model. |
SparkJobDefinition |
string |
A spark job definition. |
Warehouse |
string |
A warehouse. |
Principal
Represents an identity or a Microsoft Entra group.
Name | Type | Description |
---|---|---|
displayName |
string |
The principal's display name. |
groupDetails |
Group specific details. Applicable when the principal type is |
|
id |
string |
The principal's ID. |
servicePrincipalDetails |
Service principal specific details. Applicable when the principal type is |
|
servicePrincipalProfileDetails |
Service principal profile details. Applicable when the principal type is |
|
type |
The type of the principal. Additional principal types may be added over time. |
|
userDetails |
User principal specific details. Applicable when the principal type is |
PrincipalType
The type of the principal. Additional principal types may be added over time.
Name | Type | Description |
---|---|---|
Group |
string |
Principal is a security group. |
ServicePrincipal |
string |
Principal is a Microsoft Entra service principal. |
ServicePrincipalProfile |
string |
Principal is a service principal profile. |
User |
string |
Principal is a Microsoft Entra user principal. |
ServicePrincipalDetails
Service principal specific details. Applicable when the principal type is ServicePrincipal
.
Name | Type | Description |
---|---|---|
aadAppId |
string |
The service principal's Microsoft Entra AppId. |
ServicePrincipalProfileDetails
Service principal profile details. Applicable when the principal type is ServicePrincipalProfile
.
Name | Type | Description |
---|---|---|
parentPrincipal |
The service principal profile's parent principal. |
UserDetails
User principal specific details. Applicable when the principal type is User
.
Name | Type | Description |
---|---|---|
userPrincipalName |
string |
The user principal name. |