Add a “Read-Only Refresh Role” for Microsoft Fabric Capacity Metrics App

Problem:
Currently, scheduled refresh for the Fabric Capacity Metrics app requires the account to be a Capacity Admin, even if the account only needs to refresh data and not manage capacity settings. This creates unnecessary privilege escalation and security risk.

Impact:

  • Organizations must grant high-level admin rights to service accounts or automation accounts.
  • Violates least-privilege principles.
  • Increases audit and compliance overhead.

Proposed Solution:
Introduce a Capacity Metrics Reader role that:

  • Grants access to capacity telemetry APIs for refresh purposes.
  • Does not allow capacity configuration changes.
  • Can be assigned to service accounts used for scheduled refresh.

Benefits:

  • Aligns with least-privilege security best practices.
  • Reduces risk of accidental or malicious capacity changes.
  • Simplifies compliance for organizations with strict role-based access controls.
Status: New