了解 Power BI 管理员角色Understanding the Power BI admin role

了解如何在组织中使用 Power BI 管理员角色。Learn how you can use the Power BI admin role within your organization.

可以向应有权访问 Power BI 管理门户的用户分配 Power BI 服务管理员角色,但并未向其授予其他 Office 365 管理访问权限。The Power BI Service Administrator role can be assigned to users who should have access to the Power BI Admin Portal without also granting them other Office 365 administrative access. 例如,全局管理员角色。For example, the Global Admin role. 这适合分配给负责为组织管理 Power BI 的人员。It is meant for those tasked with administering Power BI for their organization.

Office 365 用户管理员可以在 Office 365 管理中心内或通过 PowerShell 脚本,将用户分配为 Power BI 管理员。Office 365 user admins can assign users to be Power BI admins within the Office 365 Admin center, or via PowerShell script. 分配为管理员后,用户便可以访问 Power BI 管理门户Once a user is assigned, they'll be able to access the Power BI admin portal. 在管理门户中,用户可以访问整个租户范围内的使用情况指标,并能控制整个租户范围内的 Power BI 功能使用情况。There, they will have access to tenant-wide usage metrics, and can control tenant-wide usage of Power BI features.

使用 Office 365 管理中心分配角色Using the Office 365 Admin Center to assign a role

若要在 Office 365 管理中心内为用户分配 Power BI 管理员角色,可以执行以下操作。To assign users to the Power BI Administrator role within the Office 365 Admin Center, you can do the following.

  1. 转到 Office 365 管理中心,然后依次选择“用户” > “活动用户”。Browse to the Office 365 Admin Center and select Users > Active Users.

  2. 选择要向其分配角色的用户。Select the user that you want to assign the role to.
  3. 选择相应角色旁边的“编辑”。Select Edit for roles.

  4. 依次选中“自定义管理员” > “Power BI 服务管理员Select Customized administrator > Power BI service administrator

  5. 选择保存Select Save.

此时,系统应该会列出相应用户拥有的“Power BI 服务管理员”角色。You should see Power BI service administrator listed for the role of that user. 他们现在将有权访问 Power BI 管理门户They will now have access to the Power BI admin portal.

使用 PowerShell 分配角色Using PowerShell to assign a role

若要运行 PowerShell 命令,必须安装 Azure Active Directory PowerShell 模块。To run the PowerShell command, you must have the Azure Active Directory PowerShell Module installed.

下载 Azure AD PowerShell 模块Download Azure AD PowerShell module

下载 Azure Active Directory PowerShell 版本 2Download Azure Active Directory PowerShell Version 2

下载 Azure Active Directory PowerShell 版本 1.1.166.0 GADownload Azure Active Directory PowerShell Version 1.1.166.0 GA

用于向成员添加角色的命令Command to add role to member

Azure AD PowerShell v2 命令Azure AD PowerShell v2 Command

需要为 Power BI 服务管理员角色获取 ObjectIdYou will need to get the ObjectId for the Power BI Service Administrator role. 可以运行 Get-AzureADDirectoryRole 获取 ObjectIdYou can run Get-AzureADDirectoryRole to get the ObjectId

PS C:\Windows\system32> Get-AzureADDirectoryRole

ObjectId                             DisplayName                        Description
--------                             -----------                        -----------
00f79122-c45d-436d-8d4a-2c0c6ca246bf Power BI Service Administrator     Full access in the Power BI Service.
250d1222-4bc0-4b4b-8466-5d5765d14af9 Helpdesk Administrator             Helpdesk Administrator has access to perform..
3ddec257-efdc-423d-9d24-b7cf29e0c86b Directory Synchronization Accounts Directory Synchronization Accounts
50daa576-896c-4bf3-a84e-1d9d1875c7a7 Company Administrator              Company Administrator role has full access t..
6a452384-6eb9-4793-8782-f4e7313b4dfd Device Administrators              Device Administrators
9900b7db-35d9-4e56-a8e3-c5026cac3a11 AdHoc License Administrator        Allows access manage AdHoc license.
a3631cce-16ce-47a3-bbe1-79b9774a0570 Directory Readers                  Allows access to various read only tasks in ..
f727e2f3-0829-41a7-8c5c-5af83c37f57b Email Verified User Creator        Allows creation of new email verified users.

在此示例中,角色 objectid 为 00f79122-c45d-436d-8d4a-2c0c6ca246bf。In this case, the role objectid is 00f79122-c45d-436d-8d4a-2c0c6ca246bf.

还需要知道用户 ObjectIDYou will also need to know the users ObjectID. 为此,可以运行 Get-AzureADUserYou can find that by running Get-AzureADUser.

PS C:\Windows\system32> Get-AzureADUser -SearchString 'tim@contoso.com'

ObjectId                             DisplayName UserPrincipalName      UserType
--------                             ----------- -----------------      --------
6a2bfca2-98ba-413a-be61-6e4bbb8b8a4c Tim         tim@contoso.com        Member

若要向成员添加角色,请运行 Add-AzureADDirectoryRoleMemberTo add the member to the role, run Add-AzureADDirectoryRoleMember.

参数Parameter 说明Description
ObjectIdObjectId 角色 ObjectId。The Role ObjectId.
RefObjectIdRefObjectId 成员 ObjectId。The members ObjectId.
Add-AzureADDirectoryRoleMember -ObjectId 00f79122-c45d-436d-8d4a-2c0c6ca246bf -RefObjectId 6a2bfca2-98ba-413a-be61-6e4bbb8b8a4c

Azure AD PowerShell v1 命令Azure AD PowerShell v1 Command

若要使用 Azure AD v1 cmdlet 向成员添加角色,需要运行 Add-MsolRoleMember 命令。To add a member to a role using the Azure AD v1 cmdlets, you will want to run the Add-MsolRoleMember command.

Add-MsolRoleMember -RoleMemberEmailAddress "tim@contoso.com" -RoleName "Power BI Service Administrator"

限制和注意事项Limitations and considerations

Power BI 服务管理员角色不提供以下功能。The Power BI service administrator role does not provide access to the following.

  • 在 Office 365 管理中心内修改用户和许可证的功能Ability to modify users and licenses within the Office 365 Admin Center
  • 访问审核日志的功能。Access to the audit logs. 有关详细信息,请参阅在组织内使用审核For more information, see Using auditing within your organization.

后续步骤Next steps

Power BI 管理门户Power BI admin portal
Add-AzureADDirectoryRoleMemberAdd-AzureADDirectoryRoleMember
Add-MsolRoleMemberAdd-MsolRoleMember
在组织中审核 Power BIAuditing Power BI in your organization
在组织中管理 Power BIAdministering Power BI in your Organization

更多问题?More questions? 尝试咨询 Power BI 社区Try asking the Power BI Community