Workspaces - Add Workspace Role Assignment
Adds a workspace role assignment.
To get the principal user object ID required for request body, see Find the user object ID.
Permissions
- The caller must have member or higher workspace role.
- Members can add members or others with lower permissions. For more information see: workspace roles.
Required Delegated Scopes
Workspace.ReadWrite.All
Limitations
- Each workspace is limited to a maximum of 1,000 users or groups in workspace roles (Admin, Member, Contributor, Viewer). The number of users within a group is not limited. The limitation also covers external guests.
Microsoft Entra supported identities
This API supports the Microsoft identities listed in this section.
| Identity | Support |
|---|---|
| User | Yes |
| Service principal and Managed identities | Yes |
Interface
POST https://api.fabric.microsoft.com/v1/workspaces/{workspaceId}/roleAssignmentsURI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
workspace
|
path | True |
string (uuid) |
The workspace ID. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| principal | True |
The principal. |
|
| role | True |
The workspace role of the principal. |
Responses
| Name | Type | Description |
|---|---|---|
| 201 Created |
Successfully created. Headers Location: string |
|
| Other Status Codes |
Common error codes:
|
Examples
Add workspace role assignment example
Sample request
POST https://api.fabric.microsoft.com/v1/workspaces/cfafbeb1-8037-4d0c-896e-a46fb27ff512/roleAssignments
{
"principal": {
"id": "8eedb1b0-3af8-4b17-8e7e-663e61e12211",
"type": "User"
},
"role": "Member"
}
Sample response
Location: https://api.fabric.microsoft.com/v1/workspaces/cfafbeb1-8037-4d0c-896e-a46fb27ff512/roleAssignments/8eedb1b0-3af8-4b17-8e7e-663e61e12211{
"id": "8eedb1b0-3af8-4b17-8e7e-663e61e12211",
"principal": {
"id": "8eedb1b0-3af8-4b17-8e7e-663e61e12211",
"type": "User"
},
"role": "Member"
}Definitions
| Name | Description |
|---|---|
|
Add |
Add workspace role assignment request payload. |
|
Error |
The error related resource details object. |
|
Error |
The error response. |
|
Error |
The error response details. |
|
Group |
Group specific details. Applicable when the principal type is |
|
Group |
The type of the group. Additional group types may be added over time. |
| Principal |
Represents an identity or a Microsoft Entra group. |
|
Principal |
The type of the principal. Additional principal types may be added over time. |
|
Service |
Service principal specific details. Applicable when the principal type is |
|
Service |
Service principal profile details. Applicable when the principal type is |
|
User |
User principal specific details. Applicable when the principal type is |
|
Workspace |
A Workspace role. Additional workspace roles may be added over time. |
|
Workspace |
A workspace role assignment object. |
AddWorkspaceRoleAssignmentRequest
Add workspace role assignment request payload.
| Name | Type | Description |
|---|---|---|
| principal |
The principal. |
|
| role |
The workspace role of the principal. |
ErrorRelatedResource
The error related resource details object.
| Name | Type | Description |
|---|---|---|
| resourceId |
string |
The resource ID that's involved in the error. |
| resourceType |
string |
The type of the resource that's involved in the error. |
ErrorResponse
The error response.
| Name | Type | Description |
|---|---|---|
| errorCode |
string |
A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users. |
| message |
string |
A human readable representation of the error. |
| moreDetails |
List of additional error details. |
|
| relatedResource |
The error related resource details. |
|
| requestId |
string |
ID of the request associated with the error. |
ErrorResponseDetails
The error response details.
| Name | Type | Description |
|---|---|---|
| errorCode |
string |
A specific identifier that provides information about an error condition, allowing for standardized communication between our service and its users. |
| message |
string |
A human readable representation of the error. |
| relatedResource |
The error related resource details. |
GroupDetails
Group specific details. Applicable when the principal type is Group.
| Name | Type | Description |
|---|---|---|
| groupType |
The type of the group. Additional group types may be added over time. |
GroupType
The type of the group. Additional group types may be added over time.
| Value | Description |
|---|---|
| Unknown |
Principal group type is unknown. |
| SecurityGroup |
Principal is a security group. |
| DistributionList |
Principal is a distribution list. |
Principal
Represents an identity or a Microsoft Entra group.
| Name | Type | Description |
|---|---|---|
| displayName |
string |
The principal's display name. |
| groupDetails |
Group specific details. Applicable when the principal type is |
|
| id |
string (uuid) |
The principal's ID. |
| servicePrincipalDetails |
Service principal specific details. Applicable when the principal type is |
|
| servicePrincipalProfileDetails |
Service principal profile details. Applicable when the principal type is |
|
| type |
The type of the principal. Additional principal types may be added over time. |
|
| userDetails |
User principal specific details. Applicable when the principal type is |
PrincipalType
The type of the principal. Additional principal types may be added over time.
| Value | Description |
|---|---|
| User |
Principal is a Microsoft Entra user principal. |
| ServicePrincipal |
Principal is a Microsoft Entra service principal. |
| Group |
Principal is a security group. |
| ServicePrincipalProfile |
Principal is a service principal profile. |
| EntireTenant |
Principal represents all tenant users. |
ServicePrincipalDetails
Service principal specific details. Applicable when the principal type is ServicePrincipal.
| Name | Type | Description |
|---|---|---|
| aadAppId |
string (uuid) |
The service principal's Microsoft Entra AppId. |
ServicePrincipalProfileDetails
Service principal profile details. Applicable when the principal type is ServicePrincipalProfile.
| Name | Type | Description |
|---|---|---|
| parentPrincipal |
The service principal profile's parent principal. |
UserDetails
User principal specific details. Applicable when the principal type is User.
| Name | Type | Description |
|---|---|---|
| userPrincipalName |
string |
The user principal name. |
WorkspaceRole
A Workspace role. Additional workspace roles may be added over time.
| Value | Description |
|---|---|
| Admin |
Enables administrative access to the workspace. |
| Member |
Enables membership access to the workspace. |
| Contributor |
Enables contribution to the workspace. |
| Viewer |
Enables viewing of the workspace. |
WorkspaceRoleAssignment
A workspace role assignment object.
| Name | Type | Description |
|---|---|---|
| id |
string (uuid) |
The workspace role assignment ID. |
| principal |
The principal. |
|
| role |
The workspace role of the principal. |