Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.
By default, an admin user is authorized to retrieve all activity logs. I would like to understand how we could restrict this in two possible ways:
1. Can we restrict which workspaces and apps an admin can retrieve activity logs from?
2. Can we restrict which attributes (or operation names) an admin can retrieve?
Hi @mmossel
You can set RLS for the dataset, which takes effect when the user does not have editing permission.
You can refer: https://docs.microsoft.com/en-us/power-bi/admin/service-admin-rls
Best Regards,
Link
AFAIK we cannot restrict an admin from being able to access activity logs. As mentioned in the official documentation, having either Power BI Admin role or Global admin role will automatically give you access to all type of activities.
Track user activities in Power BI - Power BI | Microsoft Docs
Did I answer your questions? Give a thumbs up and accept this post as solution!
@_sfrost thanks for your response. If we build our own dataset of activity logs over time and apply RLS from the source, can particular workspaces/apps be identified easily so that RLS can be applied to only a limited number of workspaces? Is that feasible or difficult?