Edit

Share via

Users - List Access Entities

Service:
Admin
API Version:
v1

Returns a list of permission details for Fabric and PowerBI items the specified user can access.

Note

This API is part of a Preview release and is provided for evaluation and development purposes only. It may change based on feedback and is not recommended for production use.

This API supports pagination. A maximum of 10,000 records can be returned per request. With the continuous token provided in the response, you can get the next 10,000 records.

Page order:

  1. Fabric items
  2. Datamarts
  3. Reports
  4. Dashboards
  5. SemanticModels
  6. Apps
  7. Dataflows

Permissions

The caller must be a Fabric administrator or authenticate using a service principal.

Required Delegated Scopes

Tenant.Read.All or Tenant.ReadWrite.All

Limitations

Maximum 200 requests per hour.

Microsoft Entra supported identities

This API supports the Microsoft identities listed in this section.

Identity Support
User Yes
Service principal and Managed identities Yes

Interface

GET https://api.fabric.microsoft.com/v1/admin/users/{userId}/access
With optional parameters: 
GET https://api.fabric.microsoft.com/v1/admin/users/{userId}/access?type={type}&continuationToken={continuationToken}

URI Parameters

Name In Required Type Description
userId
 path True

string

The user graph ID or User Principal Name (UPN).
continuationToken
 query

string

Continuous token used to get the next page items.
type
 query

string

The item type.

Responses

Name Type Description
200 OK

AccessEntityResponse

The operation was successful.
429 Too Many Requests

ErrorResponse

The service rate limit was exceeded. The server returns a Retry-After header indicating, in seconds, how long the client must wait before sending additional requests.

Headers

Retry-After: integer
Other Status Codes

ErrorResponse

Common error codes:

  • InvalidPrincipal - User ID doesn't exist in Microsoft Entra, or the caller doesn't have permissions to call the API.

Examples

List item access details by graph ID and type query parameter example
List item access details by graph ID example
List item access details by User Principal Name (UPN) example

List item access details by graph ID and type query parameter example

Sample request

GET https://api.fabric.microsoft.com/v1/admin/users/f089354e-8366-4e18-aea3-4cb4a3a50b48/access?type=Report

Sample response

Status code:
200 
{
  "accessEntities": [
    {
      "id": "17d8929d-ab32-46d1-858b-fdea74e93bf2",
      "displayName": "Test Report",
      "category": "Item",
      "itemAccessDetails": {
        "type": "Report",
        "permissions": [
          "Read",
          "Reshare"
        ],
        "additionalPermissions": [
          "ReadAll",
          "viewOutput"
        ]
      }
    }
  ],
  "continuationUri": null,
  "continuationToken": null
}

List item access details by graph ID example

Sample request

GET https://api.fabric.microsoft.com/v1/admin/users/f089354e-8366-4e18-aea3-4cb4a3a50b48/access

Sample response

Status code:
200 
{
  "accessEntities": [
    {
      "id": "17d8929d-ab32-46d1-858b-fdea74e93bf2",
      "displayName": "TestNotebook",
      "category": "Item",
      "itemAccessDetails": {
        "type": "Notebook",
        "permissions": [
          "Read",
          "Reshare",
          "Explore"
        ],
        "additionalPermissions": [
          "ReadAll",
          "viewOutput"
        ]
      }
    }
  ],
  "continuationUri": "https://api.fabric.microsoft.com/v1/admin/users/f3052d1c-61a9-46fb-8df9-0d78916ae041/access/?continuationToken=MSwxMDAwMCww",
  "continuationToken": "MSwxMDAwMCww"
}

List item access details by User Principal Name (UPN) example

Sample request

GET https://api.fabric.microsoft.com/v1/admin/users/Test@Contoso.com/access

Sample response

Status code:
200 
{
  "accessEntities": [
    {
      "id": "17d8929d-ab32-46d1-858b-fdea74e93bf2",
      "displayName": "TestNotebook",
      "category": "Item",
      "itemAccessDetails": {
        "type": "Notebook",
        "permissions": [
          "Read",
          "Reshare",
          "Explore"
        ],
        "additionalPermissions": [
          "ReadAll",
          "viewOutput"
        ]
      }
    }
  ],
  "continuationUri": "https://api.fabric.microsoft.com/v1/admin/users/f3052d1c-61a9-46fb-8df9-0d78916ae041/access/?continuationToken=MSwxMDAwMCww",
  "continuationToken": "MSwxMDAwMCww"
}

Definitions

Name Description
AccessEntity

Access details for the given user.
AccessEntityResponse

A list of entities and permissions.
Category

The category of the item type. Additional category types may be added over time.
ErrorRelatedResource

The error related resource details object.
ErrorResponse

The error response.
ErrorResponseDetails

The error response details.
ItemAccessDetail

Item permission details such as read and reshare.
ItemPermissions

Item permissions. Additional item permissions may be added over time.
ItemType

The type of the item. Additional item types may be added over time.

AccessEntity

Object

Access details for the given user.

Name Type Description
category

Category

Entity category such as item.
displayName

string

Entity name.
id

string (uuid)

The object ID of the entity.
itemAccessDetails

ItemAccessDetail

Item permissions.
type

string

Entity type.

AccessEntityResponse

Object

A list of entities and permissions.

Name Type Description
accessEntities

AccessEntity[]

A list of users with access to an entity.
continuationToken

string

The token for the next result set batch. If there are no more records, it's removed from the response.
continuationUri

string

The URI of the next result set batch. If there are no more records, it's removed from the response.

Category

Enumeration

The category of the item type. Additional category types may be added over time.

Value Description
Item

Fabric items such as Notebook, Synapse and KQL Database.

ErrorRelatedResource

Object

The error related resource details object.

Name Type Description
resourceId

string

The resource ID that's involved in the error.
resourceType

string

The type of the resource that's involved in the error.

ErrorResponse

Object

The error response.

Name Type Description
errorCode

string

A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users.
message

string

A human readable representation of the error.
moreDetails

ErrorResponseDetails[]

List of additional error details.
relatedResource

ErrorRelatedResource

The error related resource details.
requestId

string (uuid)

ID of the request associated with the error.

ErrorResponseDetails

Object

The error response details.

Name Type Description
errorCode

string

A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users.
message

string

A human readable representation of the error.
relatedResource

ErrorRelatedResource

The error related resource details.

ItemAccessDetail

Object

Item permission details such as read and reshare.

Name Type Description
additionalPermissions

string[]

Workload permissions such as readAll and viewOutput.
permissions

ItemPermissions[]

Item permissions such as read and reshare.
type

ItemType

Entity type.

ItemPermissions

Enumeration

Item permissions. Additional item permissions may be added over time.

Value Description
Read

User can read the metadata about an item.
Write

User can perform write operations on an item.
Reshare

User can share an item with other users.
Explore

User can build items on other items.
Execute

User can execute and cancel item jobs.

ItemType

Enumeration

The type of the item. Additional item types may be added over time.

Value Description
Dashboard

PowerBI dashboard.
Report

PowerBI report.
SemanticModel

PowerBI semantic model.
PaginatedReport

PowerBI paginated report.
Datamart

PowerBI datamart.
Lakehouse

A lakehouse.
Eventhouse

An eventhouse.
Environment

An environment.
KQLDatabase

A KQL database.
KQLQueryset

A KQL queryset.
KQLDashboard

A KQL dashboard.
DataPipeline

A data pipeline.
Notebook

A notebook.
SparkJobDefinition

A spark job definition.
MLExperiment

A machine learning experiment.
MLModel

A machine learning model.
Warehouse

A warehouse.
Eventstream

An eventstream.
SQLEndpoint

An SQL endpoint.
MirroredWarehouse

A mirrored warehouse.
MirroredDatabase

A mirrored database.
Reflex

A Reflex.
GraphQLApi

An API for GraphQL item.
MountedDataFactory

A MountedDataFactory.
SQLDatabase

A SQLDatabase.
CopyJob

A Copy job.
VariableLibrary

A VariableLibrary.
Dataflow

A Dataflow.
ApacheAirflowJob

An ApacheAirflowJob.
WarehouseSnapshot

A Warehouse snapshot.
DigitalTwinBuilder

A DigitalTwinBuilder.
DigitalTwinBuilderFlow

A Digital Twin Builder Flow.
MirroredAzureDatabricksCatalog

A mirrored azure databricks catalog.
Map

A Map.
AnomalyDetector

An Anomaly Detector.
UserDataFunction

A User Data Function.
GraphModel

A GraphModel.
GraphQuerySet

A Graph QuerySet.
SnowflakeDatabase

A Snowflake Database to store Iceberg tables created from Snowflake account.
OperationsAgent

A OperationsAgent.
CosmosDBDatabase

A Cosmos DB Database.
Ontology

An Ontology.
EventSchemaSet

An EventSchemaSet.
DataAgent

A DataAgent.