Items - List Item Access Details

Service:: Admin

API Version:: v1

Returns a list of users (including groups and service principals) and lists their workspace roles.

Note

This API is part of a Preview release and is provided for evaluation and development purposes only. It may change based on feedback and is not recommended for production use.

Permissions

The caller must be a Fabric administrator or authenticate using a service principal.

Required Delegated Scopes

Tenant.Read.All or Tenant.ReadWrite.All

Limitations

Maximum 200 requests per hour.

Microsoft Entra supported identities

This API supports the Microsoft identities listed in this section.

Identity	Support
User	Yes
Service principal and Managed identities	Yes

Interface

GET https://api.fabric.microsoft.com/v1/admin/workspaces/{workspaceId}/items/{itemId}/users

With optional parameters:

GET https://api.fabric.microsoft.com/v1/admin/workspaces/{workspaceId}/items/{itemId}/users?type={type}

URI Parameters

Name	In	Required	Type	Description
itemId	path	True	string (uuid)	The item ID.
workspaceId	path	True	string (uuid)	The workspace ID.
type	query		string	The type of the item. When querying for the following types, this parameter is required: Report Dashboard SemanticModel App Dataflow

Name

Required

Type

Description

itemId

path

True

string (uuid)

The item ID.

workspaceId

path

True

string (uuid)

The workspace ID.

type

query

string

The type of the item. When querying for the following types, this parameter is required:

Report
Dashboard
SemanticModel
App
Dataflow

Responses

Name	Type	Description
200 OK	ItemAccessDetailsResponse	The operation was successful.
Other Status Codes	ErrorResponse	Common error codes: ItemNotFound - Item ID doesn't exist. InvalidItemType - Item type isn't valid.

Name

Type

Description

200 OK

ItemAccessDetailsResponse

The operation was successful.

Other Status Codes

ErrorResponse

Common error codes:

ItemNotFound - Item ID doesn't exist.
InvalidItemType - Item type isn't valid.

Examples

List of users for given item ID and type example

List of users for given item ID example

List of users for given item ID and type example

Sample request

HTTP

GET https://api.fabric.microsoft.com/v1/admin/workspaces/7f4496db-9929-47bd-89c0-d7eb2f517a98/items/f089354e-8366-4e18-aea3-4cb4a3a50b48/users?type=Report

Sample response

Status code:: 200

{
  "accessDetails": [
    {
      "principal": {
        "id": "f3052d1c-61a9-46fb-8df9-0d78916ae041",
        "displayName": "Jacob Hancock",
        "type": "User",
        "userDetails": {
          "userPrincipalName": "jacob@example.com"
        }
      },
      "itemAccessDetails": {
        "type": "Report",
        "permissions": [
          "Read",
          "Reshare"
        ],
        "additionalPermissions": [
          "ReadAll"
        ]
      }
    }
  ]
}

List of users for given item ID example

Sample request

HTTP

GET https://api.fabric.microsoft.com/v1/admin/workspaces/7f4496db-9929-47bd-89c0-d7eb2f517a98/items/f089354e-8366-4e18-aea3-4cb4a3a50b48/users

Sample response

Status code:: 200

{
  "accessDetails": [
    {
      "principal": {
        "id": "f3052d1c-61a9-46fb-8df9-0d78916ae041",
        "displayName": "Jacob Hancock",
        "type": "User",
        "userDetails": {
          "userPrincipalName": "jacob@example.com"
        }
      },
      "itemAccessDetails": {
        "type": "Notebook",
        "permissions": [
          "Read",
          "Reshare"
        ],
        "additionalPermissions": [
          "ReadAll",
          "viewOutput"
        ]
      }
    },
    {
      "principal": {
        "id": "c7db8e03-c8cb-4d4c-9f64-1dcd327c9d3c",
        "displayName": "Eric Solomon",
        "type": "User",
        "userDetails": {
          "userPrincipalName": "eric@example.com"
        }
      },
      "itemAccessDetails": {
        "type": "Notebook",
        "permissions": [
          "Read",
          "Reshare",
          "Explore"
        ],
        "additionalPermissions": [
          "ReadAll"
        ]
      }
    },
    {
      "principal": {
        "id": "f51b705f-a409-4d40-9197-c5d5f349e2f0",
        "displayName": "TestSecurityGroup",
        "type": "Group",
        "groupDetails": {
          "groupType": "SecurityGroup"
        }
      },
      "itemAccessDetails": {
        "type": "Notebook",
        "permissions": [
          "Read",
          "Reshare"
        ],
        "additionalPermissions": []
      }
    }
  ]
}

Definitions

Name	Description
ErrorRelatedResource	The error related resource details object.
ErrorResponse	The error response.
ErrorResponseDetails	The error response details.
GroupDetails	Group specific details. Applicable when the principal type is `Group`.
GroupType	The type of the group. Additional group types may be added over time.
ItemAccessDetail	Item permission details such as read and reshare.
ItemAccessDetails	User access details for an item.
ItemAccessDetailsResponse	A list of users with access to a given entity.
ItemPermissions	Item permissions. Additional item permissions may be added over time.
ItemType	The type of the item. Additional item types may be added over time.
Principal	Represents an identity or a Microsoft Entra group.
PrincipalType	The type of the principal. Additional principal types may be added over time.
ServicePrincipalDetails	Service principal specific details. Applicable when the principal type is `ServicePrincipal`.
ServicePrincipalProfileDetails	Service principal profile details. Applicable when the principal type is `ServicePrincipalProfile`.
UserDetails	User principal specific details. Applicable when the principal type is `User`.

ErrorRelatedResource

Object

The error related resource details object.

Name	Type	Description
resourceId	string	The resource ID that's involved in the error.
resourceType	string	The type of the resource that's involved in the error.

ErrorResponse

Object

The error response.

Name	Type	Description
errorCode	string	A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users.
message	string	A human readable representation of the error.
moreDetails	ErrorResponseDetails[]	List of additional error details.
relatedResource	ErrorRelatedResource	The error related resource details.
requestId	string	ID of the request associated with the error.

ErrorResponseDetails

Object

The error response details.

Name	Type	Description
errorCode	string	A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users.
message	string	A human readable representation of the error.
relatedResource	ErrorRelatedResource	The error related resource details.

GroupDetails

Object

Group specific details. Applicable when the principal type is Group.

Name	Type	Description
groupType	GroupType	The type of the group. Additional group types may be added over time.

GroupType

Enumeration

The type of the group. Additional group types may be added over time.

Value	Description
Unknown	Principal group type is unknown.
SecurityGroup	Principal is a security group.
DistributionList	Principal is a distribution list.

ItemAccessDetail

Object

Item permission details such as read and reshare.

Name	Type	Description
additionalPermissions	string[]	Workload permissions such as readAll and viewOutput.
permissions	ItemPermissions[]	Item permissions such as read and reshare.
type	ItemType	Entity type.

ItemAccessDetails

Object

User access details for an item.

Name	Type	Description
itemAccessDetails	ItemAccessDetail	Item permissions for the user.
principal	Principal	Information regarding the user who has access to the entity.

ItemAccessDetailsResponse

Object

A list of users with access to a given entity.

Name	Type	Description
accessDetails	ItemAccessDetails[]	A list of users with access to an entity.

ItemPermissions

Enumeration

Item permissions. Additional item permissions may be added over time.

Value	Description
Read	User can read the metadata about an item.
Write	User can perform write operations on an item.
Reshare	User can share an item with other users.
Explore	User can build items on other items.
Execute	User can execute and cancel item jobs.

ItemType

Enumeration

The type of the item. Additional item types may be added over time.

Value	Description
Dashboard	PowerBI dashboard.
Report	PowerBI report.
SemanticModel	PowerBI semantic model.
PaginatedReport	PowerBI paginated report.
Datamart	PowerBI datamart.
Lakehouse	A lakehouse.
Eventhouse	An eventhouse.
Environment	An environment.
KQLDatabase	A KQL database.
KQLQueryset	A KQL queryset.
KQLDashboard	A KQL dashboard.
DataPipeline	A data pipeline.
Notebook	A notebook.
SparkJobDefinition	A spark job definition.
MLExperiment	A machine learning experiment.
MLModel	A machine learning model.
Warehouse	A warehouse.
Eventstream	An eventstream.
SQLEndpoint	An SQL endpoint.
MirroredWarehouse	A mirrored warehouse.
MirroredDatabase	A mirrored database.
Reflex	A Reflex.
GraphQLApi	An API for GraphQL item.
MountedDataFactory	A MountedDataFactory.
SQLDatabase	A SQLDatabase.
CopyJob	A Copy job.
VariableLibrary	A VariableLibrary.
Dataflow	A Dataflow.
ApacheAirflowJob	An ApacheAirflowJob.
WarehouseSnapshot	A Warehouse snapshot.
DigitalTwinBuilder	A DigitalTwinBuilder.
DigitalTwinBuilderFlow	A Digital Twin Builder Flow.
MirroredAzureDatabricksCatalog	A mirrored azure databricks catalog.
Map	A Map.
AnomalyDetector	An Anomaly Detector.
UserDataFunction	A User Data Function.
GraphModel	A GraphModel.
GraphQuerySet	A Graph QuerySet.
SnowflakeDatabase	A Snowflake Database to store Iceberg tables created from Snowflake account.
OperationsAgent	A OperationsAgent.
CosmosDBDatabase	A Cosmos DB Database.

Principal

Object

Represents an identity or a Microsoft Entra group.

Name	Type	Description
displayName	string	The principal's display name.
groupDetails	GroupDetails	Group specific details. Applicable when the principal type is `Group`.
id	string (uuid)	The principal's ID.
servicePrincipalDetails	ServicePrincipalDetails	Service principal specific details. Applicable when the principal type is `ServicePrincipal`.
servicePrincipalProfileDetails	ServicePrincipalProfileDetails	Service principal profile details. Applicable when the principal type is `ServicePrincipalProfile`.
type	PrincipalType	The type of the principal. Additional principal types may be added over time.
userDetails	UserDetails	User principal specific details. Applicable when the principal type is `User`.

PrincipalType

Enumeration

The type of the principal. Additional principal types may be added over time.

Value	Description
User	Principal is a Microsoft Entra user principal.
ServicePrincipal	Principal is a Microsoft Entra service principal.
Group	Principal is a security group.
ServicePrincipalProfile	Principal is a service principal profile.
EntireTenant	Principal represents all tenant users.

ServicePrincipalDetails

Object

Service principal specific details. Applicable when the principal type is ServicePrincipal.

Name	Type	Description
aadAppId	string (uuid)	The service principal's Microsoft Entra AppId.

ServicePrincipalProfileDetails

Object

Service principal profile details. Applicable when the principal type is ServicePrincipalProfile.

Name	Type	Description
parentPrincipal	Principal	The service principal profile's parent principal.

UserDetails

Object

User principal specific details. Applicable when the principal type is User.

Name	Type	Description
userPrincipalName	string	The user principal name.

Share via

Items - List Item Access Details

Permissions

Required Delegated Scopes

Limitations

Microsoft Entra supported identities

Interface

URI Parameters

Responses

Examples

List of users for given item ID and type example

Sample request

Sample response

List of users for given item ID example

Sample request

Sample response

Definitions

ErrorRelatedResource

ErrorResponse

ErrorResponseDetails

GroupDetails

GroupType

ItemAccessDetail

ItemAccessDetails

ItemAccessDetailsResponse

ItemPermissions

ItemType

Principal

PrincipalType

ServicePrincipalDetails

ServicePrincipalProfileDetails

UserDetails