了解 Power BI 系統管理員角色Understanding the Power BI admin role

了解如何在組織內使用 Power BI 系統管理員角色。Learn how you can use the Power BI admin role within your organization.

Power BI 服務管理員角色可以指派給應該能存取 Power BI 管理入口網站,但不會同時授與其他 Office 365 系統管理存取權的使用者。The Power BI Service Administrator role can be assigned to users who should have access to the Power BI Admin Portal without also granting them other Office 365 administrative access. 例如,全域管理員角色。For example, the Global Admin role. 它適用於負責管理組織之 Power BI 的人員。It is meant for those tasked with administering Power BI for their organization.

Office 365 使用者系統管理員可以在 Office 365 系統管理中心內或透過 PowerShell 指令碼,將使用者指派為 Power BI 系統管理員。Office 365 user admins can assign users to be Power BI admins within the Office 365 Admin center, or via PowerShell script. 一旦使用者獲得指派,就能夠存取 Power BI 管理入口網站Once a user is assigned, they'll be able to access the Power BI admin portal. 在這裡,他們將能夠存取整個租用戶的使用計量,並可控制整個租用戶使用 Power BI 功能的方式。There, they will have access to tenant-wide usage metrics, and can control tenant-wide usage of Power BI features.

使用 Office 365 系統管理中心指派角色Using the Office 365 Admin Center to assign a role

若要在 Office 365 系統管理中心內將使用者指派給 Power BI 系統管理員角色,您可以執行下列動作。To assign users to the Power BI Administrator role within the Office 365 Admin Center, you can do the following.

  1. 瀏覽至 Office 365 系統管理中心,然後選取 [使用者] > [作用中使用者]。Browse to the Office 365 Admin Center and select Users > Active Users.

  2. 選取您想要指派角色的使用者。Select the user that you want to assign the role to.
  3. 針對角色選取 [編輯]。Select Edit for roles.

  4. 選取 [Customized administrator](自訂系統管理員) > [Power BI service administrator](Power BI 服務管理員)Select Customized administrator > Power BI service administrator

  5. 選取 [儲存] 。Select Save.

您應該會看到該使用者的角色列出 [Power BI service administrator](Power BI 服務管理員)。You should see Power BI service administrator listed for the role of that user. 這些角色現在可以存取 Power BI 管理入口網站They will now have access to the Power BI admin portal.

使用 PowerShell 指派角色Using PowerShell to assign a role

若要執行 PowerShell 命令,您必須已安裝 Azure Active Directory PowerShell 模組。To run the PowerShell command, you must have the Azure Active Directory PowerShell Module installed.

下載 Azure AD PowerShell 模組Download Azure AD PowerShell module

下載 Azure Active Directory PowerShell 2 版Download Azure Active Directory PowerShell Version 2

下載 Azure Active Directory PowerShell 1.1.166.0 GA 版Download Azure Active Directory PowerShell Version 1.1.166.0 GA

新增角色至成員的命令Command to add role to member

Azure AD PowerShell v2 命令Azure AD PowerShell v2 Command

您必須取得 [Power BI 服務管理員] 角色的 ObjectIdYou will need to get the ObjectId for the Power BI Service Administrator role. 您可以執行 Get-AzureADDirectoryRole 以取得 ObjectIdYou can run Get-AzureADDirectoryRole to get the ObjectId

PS C:\Windows\system32> Get-AzureADDirectoryRole

ObjectId                             DisplayName                        Description
--------                             -----------                        -----------
00f79122-c45d-436d-8d4a-2c0c6ca246bf Power BI Service Administrator     Full access in the Power BI Service.
250d1222-4bc0-4b4b-8466-5d5765d14af9 Helpdesk Administrator             Helpdesk Administrator has access to perform..
3ddec257-efdc-423d-9d24-b7cf29e0c86b Directory Synchronization Accounts Directory Synchronization Accounts
50daa576-896c-4bf3-a84e-1d9d1875c7a7 Company Administrator              Company Administrator role has full access t..
6a452384-6eb9-4793-8782-f4e7313b4dfd Device Administrators              Device Administrators
9900b7db-35d9-4e56-a8e3-c5026cac3a11 AdHoc License Administrator        Allows access manage AdHoc license.
a3631cce-16ce-47a3-bbe1-79b9774a0570 Directory Readers                  Allows access to various read only tasks in ..
f727e2f3-0829-41a7-8c5c-5af83c37f57b Email Verified User Creator        Allows creation of new email verified users.

在本例中,角色的 objectid 是 00f79122-c45d-436d-8d4a-2c0c6ca246bf。In this case, the role objectid is 00f79122-c45d-436d-8d4a-2c0c6ca246bf.

您也需要知道使用者的 ObjectIDYou will also need to know the users ObjectID. 您可以藉由執行 Get-AzureADUser 來查明。You can find that by running Get-AzureADUser.

PS C:\Windows\system32> Get-AzureADUser -SearchString 'tim@contoso.com'

ObjectId                             DisplayName UserPrincipalName      UserType
--------                             ----------- -----------------      --------
6a2bfca2-98ba-413a-be61-6e4bbb8b8a4c Tim         tim@contoso.com        Member

若要將成員新增至角色,請執行 Add-AzureADDirectoryRoleMemberTo add the member to the role, run Add-AzureADDirectoryRoleMember.

參數Parameter 描述Description
ObjectIdObjectId 角色的 ObjectId。The Role ObjectId.
RefObjectIdRefObjectId 成員的 ObjectId。The members ObjectId.
Add-AzureADDirectoryRoleMember -ObjectId 00f79122-c45d-436d-8d4a-2c0c6ca246bf -RefObjectId 6a2bfca2-98ba-413a-be61-6e4bbb8b8a4c

Azure AD PowerShell v1 命令Azure AD PowerShell v1 Command

若要使用 Azure AD v1 Cmdlet 將成員新增至角色,您將需要執行 Add-MsolRoleMember 命令。To add a member to a role using the Azure AD v1 cmdlets, you will want to run the Add-MsolRoleMember command.

Add-MsolRoleMember -RoleMemberEmailAddress "tim@contoso.com" -RoleName "Power BI Service Administrator"

限制與考量Limitations and considerations

Power BI 服務管理員角色不提供下列項目的存取權。The Power BI service administrator role does not provide access to the following.

  • 在 Office 365 系統管理中心修改使用者和授權的能力Ability to modify users and licenses within the Office 365 Admin Center
  • 稽核記錄的存取權。Access to the audit logs. 如需詳細資訊,請參閱在組織內使用稽核For more information, see Using auditing within your organization.

後續步驟Next steps

Power BI 管理入口網站Power BI admin portal
Add-AzureADDirectoryRoleMemberAdd-AzureADDirectoryRoleMember
Add-MsolRoleMemberAdd-MsolRoleMember
稽核貴組織的 Power BIAuditing Power BI in your organization
管理貴組織中的 Power BIAdministering Power BI in your Organization

有其他問題嗎?More questions? 嘗試在 Power BI 社群提問Try asking the Power BI Community