Hello,
We have created a service principal to access PowerBI Admin APIs, following this documentation
https://learn.microsoft.com/en-us/fabric/admin/metadata-scanning-enable-read-only-apis
Configuration and integration work properly.
Now we would like to set fine-grained access on this service principal. Is there any way for this service principal to have access to and retrieve the metadata only from specific capacities of the tenant?
If this is not possible with this approach, is there maybe another alternative approach to achieve this integration?
Regards,
Kostas
Hi @kkitsara - As of now, the Power BI Admin APIs, including the Metadata Scanning APIs, allow for accessing tenant-wide metadata, but they do not natively support fine-grained access control at the level of specific capacities or workspaces for service principals.
The service principal will need "Power BI Service Administrator" or "Fabric Administrator" role for tenant-wide access, which doesn't currently support granularity at the capacity level. That said, you can manage access at a workspace level by assigning specific roles to the service principal in different workspaces, but this doesn't directly limit API access by capacity.
Possibilities of API admin solved links FYR:
Solved: Service Principal - Can not grant access to my Wor... - Microsoft Fabric Community
Solved: PowerBI API Rest Service Principal Authentication - Microsoft Fabric Community
Solved: Service Principal for semantic model authenticatio... - Microsoft Fabric Community
Hope the above information and links help you.
Proud to be a Super User!
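Since the Admin APIs described in the answer above return tenant-wide results, any capacity scoping has to be applied by the caller. The following is an added example, not code from the thread's participants or from Microsoft: an intermediary that keeps only workspaces on approved capacities and batches their IDs for a scan request. The `id` and `capacityId` field names, the `{"workspaces": [...]}` body shape, the batch size and the sample records are assumptions or constructed values.

```python
# Assumed upper bound on workspace IDs per scan request; check the API docs.
MAX_IDS_PER_SCAN = 100


def split_by_capacity(workspaces, allowed_capacity_ids):
    """Partition workspace records into (in_scope, out_of_scope) by capacity."""
    allowed = {c.lower() for c in allowed_capacity_ids}
    in_scope, out_of_scope = [], []
    for ws in workspaces:
        # Workspaces without a capacityId (shared capacity) are never in scope.
        cap = (ws.get("capacityId") or "").lower()
        if cap and cap in allowed:
            in_scope.append(ws)
        else:
            out_of_scope.append(ws)
    return in_scope, out_of_scope


def scan_request_bodies(workspaces, batch_size=MAX_IDS_PER_SCAN):
    """Build one request body per batch of in-scope workspace IDs."""
    ids = [ws["id"] for ws in workspaces]
    return [{"workspaces": ids[i:i + batch_size]}
            for i in range(0, len(ids), batch_size)]


# Constructed sample of a tenant-wide workspace listing (not real data).
SAMPLE = [
    {"id": "ws-finance-01", "name": "Finance", "capacityId": "CAP-A"},
    {"id": "ws-hr-01", "name": "HR", "capacityId": "cap-b"},
    {"id": "ws-personal", "name": "Scratch"},
    {"id": "ws-finance-02", "name": "Finance Archive", "capacityId": "cap-a"},
]


def demo():
    in_scope, out_of_scope = split_by_capacity(SAMPLE, ["cap-a"])
    bodies = scan_request_bodies(in_scope, batch_size=1)
    return bodies, [ws["id"] for ws in out_of_scope]


if __name__ == "__main__":
    print(demo())
```

The service principal itself stays tenant-wide; this filter only limits what the intermediary requests and forwards, so the credential still needs to be protected as an admin-scope secret.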
Hi @kkitsara
Thank you very much rajendraongole1 for your prompt reply.
It is not possible to directly restrict a service principal's access to a specific capacity using the Power BI management API alone. You can try a combination of the following to help you achieve the level of access control you need:
You can create dedicated security groups for your service principals and assign them to specific capacities. This way, the service principal will only have access to the capacities associated with its security group.
You provide that access by adding the app's service principal or its security group to your workspace as a member or admin.
You might also want to know what permissions different roles have:
Roles in workspaces in Power BI - Power BI | Microsoft Learn
You can configure tenant settings to allow access only to specific security groups. This involves creating a security group for the service principal and excluding it from the tenant settings that you don't want it to access.
Regards,
Nono Chen
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.
Hi again,
Comment by @rajendraongole1 is accurate.
Is there any plan to resolve this and apply fine-grained access there?
Regards,
Kostas
Hello,
Following up on this topic, we tried the suggested approach with the security group and the SPN, but it does not work.
Apparently Collibra needs access to PowerBI Admin APIs to get the workspaces' metadata and there is no fine-grained access there; you always see all the capacities/workspaces of the tenant.
Is there any possible solution to this?
Please do not mark this as resolved, because the suggested approach works in general, but not for the specific Collibra integration.
Regards,
Kostas