Microsoft Entra ID · M365 & Platform Services
Fabric Administrator
Can manage all aspects of Microsoft Fabric including workspaces, capacities, and tenant-wide settings for analytics workloads.
Scope: Full administrative control over Microsoft Fabric including analytics, data engineering, and data science workloads
Permissions
- Manage Microsoft Fabric tenant settings
- Configure Fabric capacities
- Manage Fabric workspaces
- Configure data governance for Fabric
- View Fabric usage metrics
- Manage Fabric security settings
Common use cases
- Fabric capacity management
- Workspace governance
- Data lakehouse administration
- Tenant-wide policy configuration
- Usage and adoption monitoring
Best practices
- Implement workspace governance policies
- Monitor capacity utilization
- Configure appropriate data residency
- Use domains for data organization
- Enable sensitivity labels for data
Security considerations
- Access to enterprise analytics data
- Can configure data sharing policies
- Controls data lake security settings
- Monitor for data exfiltration risks
Common questions
When should I assign the Fabric Administrator role?
Assign Fabric Administrator when you need to: Fabric capacity management; Workspace governance; Data lakehouse administration; Tenant-wide policy configuration; and Usage and adoption monitoring. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Fabric Administrator role do?
The Fabric Administrator role grants permissions including: Manage Microsoft Fabric tenant settings; Configure Fabric capacities; Manage Fabric workspaces; Configure data governance for Fabric; View Fabric usage metrics; and Manage Fabric security settings. See the Permissions section above for the full list.
What are the security risks of the Fabric Administrator role?
Key considerations when assigning Fabric Administrator: Access to enterprise analytics data; Can configure data sharing policies; Controls data lake security settings; and Monitor for data exfiltration risks. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.