Items - List Item Access Details
Returns a list of users (including groups and service principals) and lists their workspace roles.
Note
This API is part of a Preview release and is provided for evaluation and development purposes only. It may change based on feedback and is not recommended for production use.
Permissions
The caller must be a Fabric administrator or authenticate using a service principal.
Required Delegated Scopes
Tenant.Read.All or Tenant.ReadWrite.All
Limitations
Maximum 200 requests per hour.
Microsoft Entra supported identities
This API supports the Microsoft identities listed in this section.
| Identity | Support |
|---|---|
| User | Yes |
| Service principal and Managed identities | Yes |
Interface
GET https://api.fabric.microsoft.com/v1/admin/workspaces/{workspaceId}/items/{itemId}/usersGET https://api.fabric.microsoft.com/v1/admin/workspaces/{workspaceId}/items/{itemId}/users?type={type}URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
item
|
path | True |
string (uuid) |
The item ID. |
|
workspace
|
path | True |
string (uuid) |
The workspace ID. |
|
type
|
query |
string |
The type of the item. When querying for the following types, this parameter is required:
|
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
The operation was successful. |
|
| Other Status Codes |
Common error codes:
|
Examples
| List of users for given item ID and type example |
| List of users for given item ID example |
List of users for given item ID and type example
Sample request
GET https://api.fabric.microsoft.com/v1/admin/workspaces/7f4496db-9929-47bd-89c0-d7eb2f517a98/items/f089354e-8366-4e18-aea3-4cb4a3a50b48/users?type=Report
Sample response
{
"accessDetails": [
{
"principal": {
"id": "f3052d1c-61a9-46fb-8df9-0d78916ae041",
"displayName": "Jacob Hancock",
"type": "User",
"userDetails": {
"userPrincipalName": "jacob@example.com"
}
},
"itemAccessDetails": {
"type": "Report",
"permissions": [
"Read",
"Reshare"
],
"additionalPermissions": [
"ReadAll"
]
}
}
]
}List of users for given item ID example
Sample request
GET https://api.fabric.microsoft.com/v1/admin/workspaces/7f4496db-9929-47bd-89c0-d7eb2f517a98/items/f089354e-8366-4e18-aea3-4cb4a3a50b48/users
Sample response
{
"accessDetails": [
{
"principal": {
"id": "f3052d1c-61a9-46fb-8df9-0d78916ae041",
"displayName": "Jacob Hancock",
"type": "User",
"userDetails": {
"userPrincipalName": "jacob@example.com"
}
},
"itemAccessDetails": {
"type": "Notebook",
"permissions": [
"Read",
"Reshare"
],
"additionalPermissions": [
"ReadAll",
"viewOutput"
]
}
},
{
"principal": {
"id": "c7db8e03-c8cb-4d4c-9f64-1dcd327c9d3c",
"displayName": "Eric Solomon",
"type": "User",
"userDetails": {
"userPrincipalName": "eric@example.com"
}
},
"itemAccessDetails": {
"type": "Notebook",
"permissions": [
"Read",
"Reshare",
"Explore"
],
"additionalPermissions": [
"ReadAll"
]
}
},
{
"principal": {
"id": "f51b705f-a409-4d40-9197-c5d5f349e2f0",
"displayName": "TestSecurityGroup",
"type": "Group",
"groupDetails": {
"groupType": "SecurityGroup"
}
},
"itemAccessDetails": {
"type": "Notebook",
"permissions": [
"Read",
"Reshare"
],
"additionalPermissions": []
}
}
]
}Definitions
| Name | Description |
|---|---|
|
Error |
The error related resource details object. |
|
Error |
The error response. |
|
Error |
The error response details. |
|
Group |
Group specific details. Applicable when the principal type is |
|
Group |
The type of the group. Additional group types may be added over time. |
|
Item |
Item permission details such as read and reshare. |
|
Item |
User access details for an item. |
|
Item |
A list of users with access to a given entity. |
|
Item |
Item permissions. Additional item permissions may be added over time. |
|
Item |
The type of the item. Additional item types may be added over time. |
| Principal |
Represents an identity or a Microsoft Entra group. |
|
Principal |
The type of the principal. Additional principal types may be added over time. |
|
Service |
Service principal specific details. Applicable when the principal type is |
|
Service |
Service principal profile details. Applicable when the principal type is |
|
User |
User principal specific details. Applicable when the principal type is |
ErrorRelatedResource
The error related resource details object.
| Name | Type | Description |
|---|---|---|
| resourceId |
string |
The resource ID that's involved in the error. |
| resourceType |
string |
The type of the resource that's involved in the error. |
ErrorResponse
The error response.
| Name | Type | Description |
|---|---|---|
| errorCode |
string |
A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users. |
| message |
string |
A human readable representation of the error. |
| moreDetails |
List of additional error details. |
|
| relatedResource |
The error related resource details. |
|
| requestId |
string |
ID of the request associated with the error. |
ErrorResponseDetails
The error response details.
| Name | Type | Description |
|---|---|---|
| errorCode |
string |
A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users. |
| message |
string |
A human readable representation of the error. |
| relatedResource |
The error related resource details. |
GroupDetails
Group specific details. Applicable when the principal type is Group.
| Name | Type | Description |
|---|---|---|
| groupType |
The type of the group. Additional group types may be added over time. |
GroupType
The type of the group. Additional group types may be added over time.
| Value | Description |
|---|---|
| Unknown |
Principal group type is unknown. |
| SecurityGroup |
Principal is a security group. |
| DistributionList |
Principal is a distribution list. |
ItemAccessDetail
Item permission details such as read and reshare.
| Name | Type | Description |
|---|---|---|
| additionalPermissions |
string[] |
Workload permissions such as readAll and viewOutput. |
| permissions |
Item permissions such as read and reshare. |
|
| type |
Entity type. |
ItemAccessDetails
User access details for an item.
| Name | Type | Description |
|---|---|---|
| itemAccessDetails |
Item permissions for the user. |
|
| principal |
Information regarding the user who has access to the entity. |
ItemAccessDetailsResponse
A list of users with access to a given entity.
| Name | Type | Description |
|---|---|---|
| accessDetails |
A list of users with access to an entity. |
ItemPermissions
Item permissions. Additional item permissions may be added over time.
| Value | Description |
|---|---|
| Read |
User can read the metadata about an item. |
| Write |
User can perform write operations on an item. |
| Reshare |
User can share an item with other users. |
| Explore |
User can build items on other items. |
| Execute |
User can execute and cancel item jobs. |
ItemType
The type of the item. Additional item types may be added over time.
| Value | Description |
|---|---|
| Dashboard |
PowerBI dashboard. |
| Report |
PowerBI report. |
| SemanticModel |
PowerBI semantic model. |
| PaginatedReport |
PowerBI paginated report. |
| Datamart |
PowerBI datamart. |
| Lakehouse |
A lakehouse. |
| Eventhouse |
An eventhouse. |
| Environment |
An environment. |
| KQLDatabase |
A KQL database. |
| KQLQueryset |
A KQL queryset. |
| KQLDashboard |
A KQL dashboard. |
| DataPipeline |
A data pipeline. |
| Notebook |
A notebook. |
| SparkJobDefinition |
A spark job definition. |
| MLExperiment |
A machine learning experiment. |
| MLModel |
A machine learning model. |
| Warehouse |
A warehouse. |
| Eventstream |
An eventstream. |
| SQLEndpoint |
An SQL endpoint. |
| MirroredWarehouse |
A mirrored warehouse. |
| MirroredDatabase |
A mirrored database. |
| Reflex |
A Reflex. |
| GraphQLApi |
An API for GraphQL item. |
| MountedDataFactory |
A MountedDataFactory. |
| SQLDatabase |
A SQLDatabase. |
| CopyJob |
A Copy job. |
| VariableLibrary |
A VariableLibrary. |
| Dataflow |
A Dataflow. |
| ApacheAirflowJob |
An ApacheAirflowJob. |
| WarehouseSnapshot |
A Warehouse snapshot. |
| DigitalTwinBuilder |
A DigitalTwinBuilder. |
| DigitalTwinBuilderFlow |
A Digital Twin Builder Flow. |
| MirroredAzureDatabricksCatalog |
A mirrored azure databricks catalog. |
Principal
Represents an identity or a Microsoft Entra group.
| Name | Type | Description |
|---|---|---|
| displayName |
string |
The principal's display name. |
| groupDetails |
Group specific details. Applicable when the principal type is |
|
| id |
string (uuid) |
The principal's ID. |
| servicePrincipalDetails |
Service principal specific details. Applicable when the principal type is |
|
| servicePrincipalProfileDetails |
Service principal profile details. Applicable when the principal type is |
|
| type |
The type of the principal. Additional principal types may be added over time. |
|
| userDetails |
User principal specific details. Applicable when the principal type is |
PrincipalType
The type of the principal. Additional principal types may be added over time.
| Value | Description |
|---|---|
| User |
Principal is a Microsoft Entra user principal. |
| ServicePrincipal |
Principal is a Microsoft Entra service principal. |
| Group |
Principal is a security group. |
| ServicePrincipalProfile |
Principal is a service principal profile. |
ServicePrincipalDetails
Service principal specific details. Applicable when the principal type is ServicePrincipal.
| Name | Type | Description |
|---|---|---|
| aadAppId |
string (uuid) |
The service principal's Microsoft Entra AppId. |
ServicePrincipalProfileDetails
Service principal profile details. Applicable when the principal type is ServicePrincipalProfile.
| Name | Type | Description |
|---|---|---|
| parentPrincipal |
The service principal profile's parent principal. |
UserDetails
User principal specific details. Applicable when the principal type is User.
| Name | Type | Description |
|---|---|---|
| userPrincipalName |
string |
The user principal name. |