The requirement would be to provide access to the below areas whilst not providing access to the other areas in the Admin portal:
Areas to provide access:
-Tenant Settings (the only app permission provides to much access ('Tenant.ReadWrite.All' ))
-Usage Metrics
-Users
-Premier Per User
-Audit logs
-Workloads ( api permissions grants access to all )
-workspaces
Whilst not providing access to the rest of the admin portal.
Currently Its not possible via custom roles as this is unsupported, and via API permissions they are not granualar enough, for example ( 'Tenant.ReadWrite.All' for tenant settings )
There is granular permissions in Fabric however to get access to all the required areas would mean granting Fabric admin which also grants access to areas that the users should not get access.
Ideally we need a way to more granually assign API permissions or enable the use of custom roles for Fabric.
akatesmith
on:
Fabric SQL database has to support fully Power BI
on:
Get rid of Microsoft sidebar in Power BI new works...
Thanks @ITmerrr for submitting this idea
as we are working on enhancements to Admin Portal, I'd be happy to better understand:
- Tenant settings - would you expect non admins to be able to access that page? those non admins will be able to change settings? will be happy to learn more about this use case
- usage metrics - that's a deperecated tab, we removed it, the change is rolling to production
- premium per user - is setup - would you expect non admins to be able to change it?
- Audit logs and Users redirect to external system (M365 ) - same quetsion , what would you expect the non admins to be able to see here?