Data viewers need contributor access to view short...

RichardMartin · ‎09-17-2024

A group of users are data consumers and should have read access to data in a lakehouse in a workspace in order to consume the data.

If we make the data available in the lakehouse via a Fabric shortcut from another lakehouse in another workspace, the users can not access the data. In order to access the data they need contributor rights. When they are given this, they can modify the data in the shortcut.

Is this the intended behaviour?

frithjof_v · ‎10-12-2024

@RichardMartin I think this is how it works (and I tested it briefly on my side):

If a user only needs to read the shortcut data through T-SQL (SQL Analytics Endpoint) or Power BI, then they don't need to have access to the source (target path) of the shortcut. They only need access to the SQL Analytics Endpoint or the Power BI report in the consuming workspace (the workspace where the shortcut is created).

If a user needs to access the shortcut through Spark (e.g. Notebook), then they will need to have permission in the source (target path) of the shortcut, in addition to permission to the shortcut itself. E.g. contributor role in the source workspace and the consuming workspace.

Here is documentation about the required access permissions: Secure and manage OneLake shortcuts - Microsoft Fabric | Microsoft Learn

Anonymous · ‎10-09-2024

HI @RichardMartin,

Any update on this? Did the above suggestions help with your scenario? if that is the case, you can consider Kudo or Accept the helpful suggestions to help others who faced similar requirements.

Regards,

Xiaoxin Sheng

Shreya_Barhate · ‎10-03-2024

Hi @RichardMartin ,
Shortcut tables are only for reading data, so even with contributor access, one cannot modify the data. However, one can delete the shortcut tables with contributor access.

If you want to provide only read/viewer access to shortcut tables, you can assign the ‘Viewer’ role for the workspace. Additionally, you can configure the OneLake data access role for the specific shortcut table and grant read permission.

Get started with OneLake data access roles (preview) - Microsoft Fabric | Microsoft Learn

Regards,
Shreya

frithjof_v · ‎10-12-2024

In general, shortcut tables are not read-only. We can write to the source table through a shortcut table.

Anonymous · ‎10-03-2024

Hi @RichardMartin ,

Did the above suggestions help with your scenario? if that is the case, you can consider Kudo or Accept the helpful suggestions to help others who faced similar requirements.

If these also don't help, please share more detailed information and description to help us clarify your scenario to test.

How to Get Your Question Answered Quickly

Regards,

Xiaoxin Sheng

FabianSchut · ‎09-18-2024

Hi @RichardMartin, there has just been a blog post about Workspace Identity for OneLake Shortcuts published. Does that solve your problem: https://blog.fabric.microsoft.com/en-us/blog/introducing-workspace-identity-authentication-for-onela...

Anonymous · ‎09-17-2024

Hi @RichardMartin,

You can refer to the following link to know the different permission between workspace roles, if you only want they can read data, I'd like to suggest you only assign viewer permission on both workspace and fabric item.

Roles in workspaces in Microsoft Fabric - Microsoft Fabric | Microsoft Learn

Regards,

Xiaoxin Sheng

Anonymous · ‎09-17-2024

Hi @RichardMartin

Your question belongs to Data Engineering, I have transferred your question to the corresponding forum, an engineer will deal with you later, please be patient.

https://community.fabric.microsoft.com/t5/Data-Engineering/bd-p/ac_dataengineering

Best Regards,
Community Support Team _ Ailsa Tao