Microsoft Entra ID · M365 & Platform Services

Fabric Administrator

Can manage all aspects of Microsoft Fabric including workspaces, capacities, and tenant-wide settings for analytics workloads.

Scope: Full administrative control over Microsoft Fabric including analytics, data engineering, and data science workloads

Permissions

  • Manage Microsoft Fabric tenant settings
  • Configure Fabric capacities
  • Manage Fabric workspaces
  • Configure data governance for Fabric
  • View Fabric usage metrics
  • Manage Fabric security settings

Common use cases

  • Fabric capacity management
  • Workspace governance
  • Data lakehouse administration
  • Tenant-wide policy configuration
  • Usage and adoption monitoring

Best practices

  • Implement workspace governance policies
  • Monitor capacity utilization
  • Configure appropriate data residency
  • Use domains for data organization
  • Enable sensitivity labels for data

Security considerations

  • Access to enterprise analytics data
  • Can configure data sharing policies
  • Controls data lake security settings
  • Monitor for data exfiltration risks

Common questions

When should I assign the Fabric Administrator role?

Assign Fabric Administrator when you need to: Fabric capacity management; Workspace governance; Data lakehouse administration; Tenant-wide policy configuration; and Usage and adoption monitoring. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Fabric Administrator role do?

The Fabric Administrator role grants permissions including: Manage Microsoft Fabric tenant settings; Configure Fabric capacities; Manage Fabric workspaces; Configure data governance for Fabric; View Fabric usage metrics; and Manage Fabric security settings. See the Permissions section above for the full list.

What are the security risks of the Fabric Administrator role?

Key considerations when assigning Fabric Administrator: Access to enterprise analytics data; Can configure data sharing policies; Controls data lake security settings; and Monitor for data exfiltration risks. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →