jp_golay
Helper III

Fabric Rest Api

Hi, we use the Fabric REST API for a tool creating Backup and MCP around Power BI items.

We need to use a service principal as we are in a backend task, but surprisingly we are not able to scan the personal workspaces.

We have been told that this is by design by Microsoft??? So there is no API (and no other manual way) for any kind of supervisor to know what happens in the users' personal workspaces!!!

For example, a user can make a collection of critical reports and export them with data; this is authorised, but letting a supervisor see what he does is not?

For my customer it's a major issue and a compliance problem (he cannot back up personal workspaces).

Are any other people concerned by such an issue?

We are looking for help to make things change. Microsoft support, after long exchanges, just responded that it's out of scope of their influence ...

Thanks for your feedback in the comments; I will send it directly to MS, so be diligent.

Jean-Philippe

3 ACCEPTED SOLUTIONS
Jai-Rathinavel
Super User

Hi @jp_golay , There are APIs available in the Power BI Rest API Documentation to extract artifacts metadata from personal workspaces as well. You would have to use the below four APIs hand in hand to achieve that. 

 

Rest API Documentation: https://learn.microsoft.com/en-us/rest/api/power-bi/admin

 

JaiRathinavel_0-1771662117062.png

Please note that the below APIs require admin access to the Service principal. Make sure service principal can access Admin APIs by configuring the Admin portal settings.


Thanks,

Jai





MohdZaid_
Solution Sage

Hey @jp_golay  , 

 

In Microsoft Fabric and Power BI, service principals cannot access personal (“My workspace”) workspaces by default, and this is largely by design for privacy and compliance reasons. Standard Fabric REST APIs will not return personal workspaces when called by a normal service principal. However, governance access is possible through the Power BI Admin REST APIs, not the regular APIs.

 

If the service principal is added to a security group that has Power BI Service Admin or Fabric Admin rights, and tenant settings allow service principals to use Power BI APIs, then the Admin workspace scan endpoints (with the includePersonalWorkspaces flag enabled) can retrieve metadata for personal workspaces. For compliance and monitoring, organizations can also use Microsoft 365 audit logs and optionally Microsoft Purview. There is no supported way for a non-admin service principal to fully enumerate personal workspaces, so the practical solution is to use an admin-level service principal combined with Admin APIs and audit logging.


Nasif_Azam
Super User

Hey @jp_golay ,

This is a confirmed by-design limitation. Microsoft explicitly states "My Workspace isn't supported when using service principal." However, the situation is not completely hopeless. Here are some workarounds available:

 

Workaround-1: Admin APIs DO Return Personal Workspace Metadata (via Service Principal)

Even though you can't access content via service principal, you can discover and scan personal workspaces:

  • GET /v1.0/myorg/admin/groups?$top=5000 which returns personal workspaces as type PersonalGroup
  • Scanner/WorkspaceInfo API (/v1.0/myorg/admin/workspaces/getInfo) which can scan personal workspaces for deeper metadata (reports, datasets, lineage, datasource details)
  • Both support service principal authentication when "Admin API Settings > Service principals can access read-only admin APIs" is enabled

 

Workaround-2: Delegated Admin Token for Full Content Backup

For actual content backup (export .pbix, definitions, etc.), replace the service principal with a Fabric Admin delegated user account:

  • Fabric Admin calls Admin Portal > Workspaces > "Get Access" on target personal workspaces (this can be done via API: POST /v1.0/myorg/admin/groups/{groupId}/users to add the admin user)
  • Once the admin user has access, use delegated token (OAuth authorization_code flow) to call export APIs against those personal workspaces
  • Automate token refresh using a secured service account with Fabric Admin role

 

Workaround-3: Prevent the Problem with Governance Policies

  • Disable/restrict personal workspaces at the tenant level to force all content into governed shared workspaces
  • Block export with data via tenant settings if that's the compliance risk
  • Block users from reassigning personal workspaces to prevent capacity/data residency issues
  • Use sensitivity labels + DLP to prevent sensitive data from being moved to ungoverned spaces

 

For Detailed Information:

 

Best Regards,
Nasif Azam
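
Workaround-1 above, as an added example (not part of the original post and not Microsoft's code): it lists `PersonalGroup` workspaces through `admin/groups`, scans them with `getInfo`, and flattens the result into an inventory. The `scanStatus`/`scanResult` endpoints, the `$skip` paging parameter and the 100-id batch limit come from the Admin API documentation rather than this thread; the `call` transport and all function names are hypothetical, and the bearer token is assumed to have been obtained separately for the service principal.

```python
import time

BASE = "https://api.powerbi.com/v1.0/myorg/admin"
BATCH = 100  # getInfo accepts at most 100 workspace ids per request

def http_call(token):
    """Transport for a live tenant; token is the service principal's bearer token."""
    import requests  # imported lazily so the other functions need no dependency
    def call(method, url, params=None, body=None):
        r = requests.request(method, url, params=params, json=body, timeout=30,
                             headers={"Authorization": f"Bearer {token}"})
        r.raise_for_status()
        return r.json()
    return call

def personal_workspace_ids(call, page_size=5000):
    """Page through admin/groups and keep only entries of type PersonalGroup."""
    ids, skip = [], 0
    while True:
        page = call("GET", f"{BASE}/groups", {"$top": page_size, "$skip": skip})["value"]
        ids += [g["id"] for g in page if g.get("type") == "PersonalGroup"]
        if len(page) < page_size:
            return ids
        skip += page_size

def scan(call, ids, poll_seconds=5, max_polls=60):
    """Scan ids in batches of BATCH and return the scanned workspace records."""
    found = []
    for i in range(0, len(ids), BATCH):
        job = call("POST", f"{BASE}/workspaces/getInfo",
                   {"lineage": "True", "datasourceDetails": "True"},
                   {"workspaces": ids[i:i + BATCH]})
        for _ in range(max_polls):
            if call("GET", f"{BASE}/workspaces/scanStatus/{job['id']}")["status"] == "Succeeded":
                break
            time.sleep(poll_seconds)
        else:
            raise TimeoutError(f"scan {job['id']} did not finish")
        found += call("GET", f"{BASE}/workspaces/scanResult/{job['id']}")["workspaces"]
    return found

def inventory(workspaces):
    """Flatten scan results to (workspace, item kind, item name) rows."""
    return [(w.get("name"), kind, item.get("name"))
            for w in workspaces for kind in ("reports", "datasets")
            for item in w.get(kind, [])]
```

Against a live tenant the chain is `inventory(scan(c, personal_workspace_ids(c)))` with `c = http_call(token)`; this returns metadata only, so content export still needs the delegated-user route from Workaround-2.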

 




8 REPLIES 8
v-nmadadi-msft
Community Support

Hi @jp_golay 

May I check if this issue has been resolved? If not, please feel free to contact us if you have any further questions.


Thank you

v-nmadadi-msft
Community Support

Hi @jp_golay 

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions.


Thank you.

GilbertQ
Super User

Hi @jp_golay 

 

My solution would be: why don't you use the scanner API, which will then give you all the information about My workspaces for personal users? When using the scanner API, you can run this using a service principal account.

 

Admin - WorkspaceInfo GetModifiedWorkspaces - REST API (Power BI Power BI REST APIs) | Microsoft Lea...

 

GilbertQ_0-1771796351524.png

 






Olufemi7
Solution Sage

Hello @jp_golay

Service principals cannot access personal workspaces (“My Workspace”) in Power BI/Fabric; only shared or app workspaces where the SP is explicitly added are accessible via REST API. Personal workspaces remain private by design for user privacy.

Microsoft Docs:
Embed Power BI content with service principal and an application secret 

rohit1991
Super User

Hi @jp_golay

 

Service principals and REST APIs cannot access or scan personal workspaces (My Workspace) because they are user-owned and isolated for privacy and security. There is no supported API or admin method to back up or monitor personal workspaces. Only shared (group-based) workspaces are accessible via service principal, so critical content must be moved there for compliance and backup.

