Please enter your information to subscribe to the Microsoft Fabric Blog.

Thanks for subscribing to the Microsoft Fabric Blog. You’ll receive email notifications when we publish new posts.

Microsoft Fabric Updates Blog

  1. Updates
  2. Admin

A New Admin API to determine who has access to what (Public Preview)

Back in July we released to Public Preview a set of APIs to retrieve user permissions (see this blog post for details). Today, I’m excited to tell you about another nifty API to help you better manage your Power BI asset inventory. The Get User Artifact Access As Admin API takes the graph ID of a user and returns lists of assets that the user has access to. The results are paginated by a continuation token, with each page corresponding to one type of asset.

How can this API be useful to you as a Power BI service administrator? Consider the scenario in which an employee leaves the company. In such cases, there is often a need to examine and reassign all assets owned by the employee.

The API call looks like this:

GET https://api.powerbi.com/v1.0/myorg/admin/users/{userGraphId}/artifactAccess

And the result looks like this:

{
  "artifactAccessEntities": [
    {
      "artifactId": "<redacted>",
      "displayName": "test report",
      "artifactType": "Report",
      "accessRight": "ReadWrite"
    }
  ],
  "continuationUri": "https://api.powerbi.com/v1.0/myorg/admin/activityevents?continuationToken='<redacted>'",
  "continuationToken": "<redacted>"
}

A few more notes about this API:

  • If a user has access to multiple types of artifacts, the response will be separated into different artifact types, each of which requires a new API call using a continuation token at the end of each result payload. This is the same pattern used in the Get Activity Events API
  • This API supports reports (including paginated reports), dashboards, datasets, dataflows, personal workspaces, shared workspaces (both classic and new), capacities, and apps. The graph ID can be that of an AAD user or AAD guest user, a Distribution Group, a Security Group, or a Microsoft 365 Group
  • This API can also be called via Service Principal, along with all other read-only Admin APIs

Learn more about this API on the documentation page.

On a related subject, I would also like to call out to all Power BI Service Administrators to upgrade their classic workspace ahead of the upcoming deadlines using the new ‘Upgrade all’ feature via the “Workspaces” tab of the Admin Portal.

As always, leave any feedback or questions in the comments below. We are always looking forward to hearing from you!

Related blog posts

A New Admin API to determine who has access to what (Public Preview)

Blog's featured image

Announcing a new admin API to get insights into tenant setting overrides at capacity level.
October 24, 2023 by Radhakrishnan Srinivasan

The “GetCapacityTenantSettingOverrides” API is a response to the concerns raised by tenant administrators. It offers transparency and insight that administrators need to govern Fabric.

Read more
Blog's featured image

Enabling granular access control for all data connection types
October 16, 2023 by Kay Unkroth

The foundation of centralized connection management is granular access control. Power BI always enforces granular access control for shareable cloud connections (SCCs). For all other data connection types, it can be enabled at the tenant, workspace, and dataset level.

Read more