Items - List Item Access Details
Note
This API is in preview.
Returns a list of users (including groups and service principals) and lists their workspace roles.
Permissions
The caller must have administrator rights (such as Office 365 Global administrator or Fabric administrator) or authenticate using a service principal.
Required Delegated Scopes
Tenant.Read.All or Tenant.ReadWrite.All
Limitations
Maximum 200 requests per hour.
Interface
GET https://api.fabric.microsoft.com/v1/admin/workspaces/{workspaceId}/items/{itemId}/users
GET https://api.fabric.microsoft.com/v1/admin/workspaces/{workspaceId}/items/{itemId}/users?type={type}
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
item
|
path | True |
string uuid |
The item ID. |
workspace
|
path | True |
string uuid |
The workspace ID. |
type
|
query |
string |
The type of the item. When querying for the following types, this parameter is required:
|
Responses
Name | Type | Description |
---|---|---|
200 OK |
The operation was successful. |
|
Other Status Codes |
Common error codes:
|
Examples
List of users for given item ID and type example |
List of users for given item ID example |
List of users for given item ID and type example
Sample request
GET https://api.fabric.microsoft.com/v1/admin/workspaces/7f4496db-9929-47bd-89c0-d7eb2f517a98/items/f089354e-8366-4e18-aea3-4cb4a3a50b48/users?type=Report
Sample response
{
"accessDetails": [
{
"principal": {
"id": "f3052d1c-61a9-46fb-8df9-0d78916ae041",
"displayName": "Jacob Hancock",
"type": "User",
"userDetails": {
"userPrincipalName": "jacob@example.com"
}
},
"itemAccessDetails": {
"type": "Report",
"permissions": [
"Read",
"Reshare"
],
"additionalPermissions": [
"ReadAll"
]
}
}
]
}
List of users for given item ID example
Sample request
GET https://api.fabric.microsoft.com/v1/admin/workspaces/7f4496db-9929-47bd-89c0-d7eb2f517a98/items/f089354e-8366-4e18-aea3-4cb4a3a50b48/users
Sample response
{
"accessDetails": [
{
"principal": {
"id": "f3052d1c-61a9-46fb-8df9-0d78916ae041",
"displayName": "Jacob Hancock",
"type": "User",
"userDetails": {
"userPrincipalName": "jacob@example.com"
}
},
"itemAccessDetails": {
"type": "Notebook",
"permissions": [
"Read",
"Reshare"
],
"additionalPermissions": [
"ReadAll",
"viewOutput"
]
}
},
{
"principal": {
"id": "c7db8e03-c8cb-4d4c-9f64-1dcd327c9d3c",
"displayName": "Eric Solomon",
"type": "User",
"userDetails": {
"userPrincipalName": "eric@example.com"
}
},
"itemAccessDetails": {
"type": "Notebook",
"permissions": [
"Read",
"Reshare",
"Explore"
],
"additionalPermissions": [
"ReadAll"
]
}
},
{
"principal": {
"id": "f51b705f-a409-4d40-9197-c5d5f349e2f0",
"displayName": "TestSecurityGroup",
"type": "Group",
"groupDetails": {
"groupType": "SecurityGroup"
}
},
"itemAccessDetails": {
"type": "Notebook",
"permissions": [
"Read",
"Reshare"
],
"additionalPermissions": []
}
}
]
}
Definitions
Name | Description |
---|---|
Error |
The error related resource details object. |
Error |
The error response. |
Error |
The error response details. |
Group |
Group specific details. Applicable when the principal type is |
Group |
The type of the group. Additional group types may be added over time. |
Item |
Item permission details such as read and reshare. |
Item |
User access details for an item. |
Item |
A list of users with access to a given entity. |
Item |
Item permissions. Additional item permissions may be added over time. |
Item |
The type of the item. Additional item types may be added over time. |
Principal | |
Principal |
The type of the principal. Additional principal types may be added over time. |
Service |
Service principal specific details. Applicable when the principal type is |
Service |
Service principal profile details. Applicable when the principal type is |
User |
User principal specific details. Applicable when the principal type is |
ErrorRelatedResource
The error related resource details object.
Name | Type | Description |
---|---|---|
resourceId |
string |
The resource ID that's involved in the error. |
resourceType |
string |
The type of the resource that's involved in the error. |
ErrorResponse
The error response.
Name | Type | Description |
---|---|---|
errorCode |
string |
A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users. |
message |
string |
A human readable representation of the error. |
moreDetails |
List of additional error details. |
|
relatedResource |
The error related resource details. |
|
requestId |
string |
ID of the request associated with the error. |
ErrorResponseDetails
The error response details.
Name | Type | Description |
---|---|---|
errorCode |
string |
A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users. |
message |
string |
A human readable representation of the error. |
relatedResource |
The error related resource details. |
GroupDetails
Group specific details. Applicable when the principal type is Group
.
Name | Type | Description |
---|---|---|
groupType |
The type of the group. Additional group types may be added over time. |
GroupType
The type of the group. Additional group types may be added over time.
Name | Type | Description |
---|---|---|
DistributionList |
string |
Principal is a distribution list. |
SecurityGroup |
string |
Principal is a security group. |
Unknown |
string |
Principal group type is unknown. |
ItemAccessDetail
Item permission details such as read and reshare.
Name | Type | Description |
---|---|---|
additionalPermissions |
string[] |
Workload permissions such as readAll and viewOutput. |
permissions |
Item permissions such as read and reshare. |
|
type |
Entity type. |
ItemAccessDetails
User access details for an item.
Name | Type | Description |
---|---|---|
itemAccessDetails |
Item permissions for the user. |
|
principal |
Information regarding the user who has access to the entity. |
ItemAccessDetailsResponse
A list of users with access to a given entity.
Name | Type | Description |
---|---|---|
accessDetails |
A list of users with access to an entity. |
ItemPermissions
Item permissions. Additional item permissions may be added over time.
Name | Type | Description |
---|---|---|
Execute |
string |
User can execute and cancel item jobs. |
Explore |
string |
User can build items on other items. |
Read |
string |
User can read the metadata about an item. |
Reshare |
string |
User can share an item with other users. |
Write |
string |
User can perform write operations on an item. |
ItemType
The type of the item. Additional item types may be added over time.
Name | Type | Description |
---|---|---|
Dashboard |
string |
PowerBI dashboard. |
DataPipeline |
string |
A data pipeline. |
Datamart |
string |
PowerBI datamart. |
Environment |
string |
An environment. |
Eventhouse |
string |
An eventhouse. |
Eventstream |
string |
An eventstream. |
KQLDatabase |
string |
A KQL database. |
KQLQueryset |
string |
A KQL queryset. |
Lakehouse |
string |
A lakehouse. |
MLExperiment |
string |
A machine learning experiment. |
MLModel |
string |
A machine learning model. |
MirroredWarehouse |
string |
A mirrored warehouse. |
Notebook |
string |
A notebook. |
PaginatedReport |
string |
PowerBI paginated report. |
Report |
string |
PowerBI report. |
SQLEndpoint |
string |
An SQL endpoint. |
SemanticModel |
string |
PowerBI semantic model. |
SparkJobDefinition |
string |
A spark job definition. |
Warehouse |
string |
A warehouse. |
Principal
Name | Type | Description |
---|---|---|
displayName |
string |
The principal's display name. |
groupDetails |
Group specific details. Applicable when the principal type is |
|
id |
string |
The principal's ID. |
servicePrincipalDetails |
Service principal specific details. Applicable when the principal type is |
|
servicePrincipalProfileDetails |
Service principal profile details. Applicable when the principal type is |
|
type |
The type of the principal. Additional principal types may be added over time. |
|
userDetails |
User principal specific details. Applicable when the principal type is |
PrincipalType
The type of the principal. Additional principal types may be added over time.
Name | Type | Description |
---|---|---|
Group |
string |
Principal is a security group. |
ServicePrincipal |
string |
Principal is a Microsoft Entra service principal. |
ServicePrincipalProfile |
string |
Principal is a service principal profile. |
User |
string |
Principal is a Microsoft Entra user principal. |
ServicePrincipalDetails
Service principal specific details. Applicable when the principal type is ServicePrincipal
.
Name | Type | Description |
---|---|---|
aadAppId |
string |
The service principal's Microsoft Entra AppId. |
ServicePrincipalProfileDetails
Service principal profile details. Applicable when the principal type is ServicePrincipalProfile
.
Name | Type | Description |
---|---|---|
parentPrincipal |
The service principal profile's parent principal. |
UserDetails
User principal specific details. Applicable when the principal type is User
.
Name | Type | Description |
---|---|---|
userPrincipalName |
string |
The user principal name. |