I know all that - that is not what I was pointing out - I was pointing out that you CANNOT restrict what parts of Power BI/Fabric a user has access to

Perhaps you need to take some training

You give them access to a workspace and they can play with a whole raft of things they should not be anywhere near

And the ability to control that is extremely limited (and what control their is is beyond clunky)

So again - Fabric is NOT designed for Enterprise (at least not correctly and completely)

And dont get me started on the ABYSMAL deployment pipelines

There is VERY LITTLE in Fabric that actually works for a PROPER and CORRECT enterprise solution

Just because it uses MS Entra ID and Azure AD Groups does NOT make it an Enterprise Solution - if you think thats all that is required to make something Enterprise then I would never hire you

This is the trouble with MS and Fabric/Power BI - riddled with amateurs who havent a clue 

Hi @Kiwi_Mark_LFC ,

I appreciate your observations regarding Fabric’s limitations. You are correct that once a user is granted authoring access to a workspace, Fabric does not provide granular restrictions on individual features or experiences. This is an intentional design decision rather than an oversight or lack of configuration options.

Fabric’s approach to security and governance is centered around identity, data, and item-level controls, rather than limiting access to specific parts of the interface. Authoring roles are intended for trusted users, so partial restrictions within workspaces are not enforced. As a result, business users with workspace access may have more capabilities than some organizations prefer.

The recommended enterprise model is to maintain strict separation of roles, with consumers accessing content through apps or view-only sharing, and avoiding workspace access. Workspaces are meant for developers and administrators. When these boundaries are not observed, governance can become challenging.

Regarding deployment pipelines, your feedback is valid. While Fabric pipelines offer convenience, they do not provide comprehensive enterprise ALM functionality, and many organizations supplement them with external CI/CD tools and processes.

In summary, Fabric is designed for enterprise use with a focus on clear authoring roles and controlled content distribution. However, if fine-grained UI restrictions within workspaces are required, it may not fully align with those needs.

Thank you.

Hi @Kiwi_Mark_LFC ,

I wanted to follow up and see if you had a chance to review the information shared. If you have any further questions or need additional assistance, feel free to reach out.

Thank you.

"Fabric’s approach to security and governance is centered around identity, data, and item-level controls, rather than limiting access to specific parts of the interface. Authoring roles are intended for trusted users, so partial restrictions within workspaces are not enforced. As a result, business users with workspace access may have more capabilities than some organizations prefer."

This is so incorrect - Users have access to numerous Activities/Features in Fabric/Power BI whether they have access to a Workspace or not

So how does one restrict view users from accessing other parts of the Fabric/Power BI UI then - because I cant see how this can be done - you either give them access to a workspace or an app - and neither allows restricting access to elements you dont want a user to have (unless you use embedded)

This is what a normal View user sees

When they Login

From the App

We dont want them having access to any of this - this should not be MS choice - this is not Enterprise

I cannot find any documentation on how to limit this

There is massive blurring of the lines between authoring and viewing - regardless of workspace access or not - you statement is factually incorrect

Users should ONLY be allowed to ACCESS the Activities/Features/etc WE decide - not MS

This is NOT enterprise

MS has never understood enterprise and prob. never will

And it seems no one on these forums do either

Hi @Kiwi_Mark_LFC ,

In Fabric and Power BI, all licensed and authenticated users will land on the Fabric portal and see the global navigation when they sign in, whether they only use an app or don’t have workspace access. There is no supported way to hide these portal areas or activities for view users; this is a product limitation, not a configuration issue, and it is not documented. Users can see sections like Workspaces or Browse, but only have access to permitted content and are restricted from authoring or admin actions. Security is managed through identity, tenant settings, licenses, and item-level permissions, rather than customizing the portal interface for each user.

If your organization needs users to interact with only one governed interface and not the broader Fabric experience, the native Fabric portal does not support this. The only supported solution for full UI control is Power BI Embedded, where the hosting app determines what users can see and do. While feedback on making this a customer-controlled option is valued, Fabric currently does not offer further UI restrictions beyond tenant-level settings and permissions.

Thank you.

Yes - I know all that - thats my point

MS Have ZERO CLUE as to what constitutes an ENTERPRISE solution

As it appears noone on this forum does either

And level of reading comprehension is below that of a 4th grader

Hi @Kiwi_Mark_LFC ,

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions.

Thank you.