Batch ownership transfer for Microsoft Fabric workspace items via undocumented WABI takeover API.
⚠️ UNDOCUMENTED API — USE AT YOUR OWN RISKThis notebook uses an internal, undocumented Microsoft API that is not part of the official Fabric REST API surface. By using this tool, you acknowledge:
- No official support — Microsoft does not document or support this endpoint
- May break without notice — API behavior, endpoints, or availability may change at any time
- No guarantees — Functionality is provided "as-is" with no warranty
- Your responsibility — Test thoroughly in non-production workspaces first
The authors assume no liability for any issues arising from use of this tool.
# Set your workspace GUID
workspace_guid = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
# Run all cells - ownership transfers to notebook runnerFabric items have individual owners, and ownership matters:
- Scheduled refresh failures — When an item owner leaves the organization, refreshes fail silently
- Permission inheritance — Some items (Reports) inherit permissions from their parent (SemanticModel)
- Team transitions — New admins need ownership to manage items effectively
- Orphaned items — Items owned by deleted users become difficult to manage
The official Fabric UI requires clicking through each item individually. This notebook automates bulk transfer via an undocumented internal API.
| Requirement | Details |
|---|---|
| Fabric workspace access | Admin or Member role on target workspace |
| Fabric notebook | Must run in Fabric environment (uses mssparkutils / notebookutils) |
| Python packages | requests, pandas (pre-installed in Fabric) |
⚠️ No Service Principal SupportThe WABI takeover API does not support Service Principal authentication. This notebook must be executed by a user identity.
| Notebook | Description |
|---|---|
fabric_usurp.ipynb |
Inventories workspace items and transfers ownership to executing user |
Edit the first code cell with your target workspace:
# Workspace GUID - find in Fabric URL or workspace settings
workspace_guid = "39f56186-33e6-4e2a-8e60-d37042bedefb"
# Item types to skip (these have special ownership semantics)
EXCLUDED_TYPES = {"Report", "SemanticModel", "SQLEndpoint", "MirroredDatabase"}The notebook will:
- Authenticate using your Fabric notebook identity
- Discover WABI endpoint dynamically from your tenant
- Inventory workspace via Fabric REST API
- Filter items by excluding unsupported types
- Execute takeover for each eligible item
- Display results as a pandas DataFrame
✓ Authenticated as notebook user
✓ WABI endpoint: https://wabi-us-east2-b-primary.analysis.windows.net
Fetching items from workspace: 39f56186-33e6-4e2a-8e60-d37042bedefb
✓ Retrieved 47 items
============================================================
BATCH TAKEOVER
============================================================
Total items: 47
Eligible: 31
Skipped: 16 (Report, SemanticModel, SQLEndpoint, MirroredDatabase)
============================================================
Skipped items:
⊘ Sales Report (Report)
⊘ Sales Model (SemanticModel)
...
[1/31] Customer Lakehouse (Lakehouse)
✓ Success
[2/31] ETL Pipeline (DataPipeline)
✓ Success
...
============================================================
SUMMARY: 31/31 successful, 16 skipped
============================================================
This notebook uses user identity only via Fabric's built-in credential helper:
def get_access_token() -> str:
"""Acquires access token using Fabric notebook identity."""
try:
token = mssparkutils.credentials.getToken("https://analysis.windows.net/powerbi/api")
except NameError:
token = notebookutils.credentials.getToken("https://analysis.windows.net/powerbi/api")
return tokenThe WABI takeover API specifically requires user authentication — Service Principal tokens are rejected with 403 Forbidden.
| Status Code | Meaning | Resolution |
|---|---|---|
| 200 / 202 | Success | Ownership transferred |
| 401 | Unauthorized | Token expired — re-run authentication cell |
| 403 | Forbidden | Insufficient workspace access, or attempting SPN auth |
| 404 | Not Found | Item GUID invalid, item deleted, or no workspace access |
| 429 | Rate Limited | Handled automatically with exponential backoff |
"NameError: mssparkutils is not defined"
Run any Spark command first to initialize the session:
spark.version"CredentialUnavailableError: Failed to open a browser"
You're running outside Fabric (e.g., local Jupyter). This notebook requires Fabric's managed identity. For local execution, modify get_access_token() to use DeviceCodeCredential from azure-identity.
Items still showing old owner after takeover
The Fabric UI caches ownership. Refresh the browser or wait a few minutes.
| Limitation | Details |
|---|---|
| No SPN support | WABI takeover API requires user identity |
| Excluded item types | Reports, SemanticModels, SQLEndpoints, MirroredDatabases cannot be taken over via this API |
| Undocumented API | WABI /metadata/artifacts/{id}/takeover is internal Microsoft infrastructure — not part of official Fabric/Power BI REST APIs. May stop working without warning after any Microsoft update. |
| Single workspace | Processes one workspace per execution (loop externally for multiple) |
| Rate limits | Heavy workspaces may trigger 429s; backoff handles this but adds execution time |
- Report — Ownership follows the parent SemanticModel; cannot be set independently
- SemanticModel — Has special ownership/refresh semantics; use Power BI "Take Over" in UI
- SQLEndpoint — Managed by Fabric; ownership tied to Lakehouse/Warehouse
- MirroredDatabase — Ownership tied to source connection