Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at FabCon Vienna from September 15-18, 2025, for the ultimate Fabric, Power BI, SQL, and AI community-led learning event. Save €200 with code FABCOMM. Get registered

Reply
mramesh
Frequent Visitor

How to Grant Access to an Individual Table/View in SQL Analytics Endpoint for a Lakehouse?

‎11-13-2024 01:33 AM

Hi Community,
I'm working with the Lakehouse in Microsoft Fabric, and I need to provide access to a specific table or view through the SQL Analytics endpoint. Can anyone share the steps or best practices for granting access to an individual table/view via SQL Analytics, without giving broader access to the entire Lakehouse or other tables/views?

 

Labels:
Message 1 of 6
2,511 Views
2 ACCEPTED SOLUTIONS
VenuBollineni
Advocate I
Advocate I

‎11-13-2024 01:52 AM

Hi @mramesh  Good Day!

For example, to give a specific user access to a view, you can use T-SQL

GRANT SELECT ON [lakehouse_demo].[dbo].[Customer10] TO [username];

VenuBollineni_0-1731491520098.png

 



For doc pls check below
What is the SQL analytics endpoint for a lakehouse? - Microsoft Fabric | Microsoft Learn
Lakehouse sharing and permission management - Microsoft Fabric | Microsoft Learn

Regards,
Venu Bollineni

View solution in original post

Message 2 of 6
2,497 Views
AndyDDC
Super User
Super User

‎11-13-2024 01:56 AM

Hi @mramesh further to what @VenuBollineni said, you also need to "share" the lakehouse with the user (or group).  Make sure you don't check any of the options, doing this will only give the user "connect" permissions to the Lakehouse SQL Endpoint.  Then the object level permissions as described by @VenuBollineni will kick in

 

AndyDDC_0-1731491748135.png

 

View solution in original post

Message 3 of 6
2,488 Views
5 REPLIES 5
fdnavarropecci
Advocate I
Advocate I

‎12-11-2024 03:51 AM

Hi, I have been testing this as well and found some unexpected behaviour.

If someone has experience with item-level access control and grants on specific views and sees a mistake in my process here, please chip in. Otherwise this looks like a bug/flaw to me.

Use Case and Setup Description

 

We have a workspace with three Lakehouse items: Bronze, Silver and Gold.

 

We want to expose certain views on the gold layer as a data product.

 

The access should be granted only  to users that belong to a given AD Group. 

 

The group is granted Read access to the Lakehouse Item. No ReadData or ReadAll permissions are given.

 

The group does not have any roles assigned at workspace level.

The group is in addition granted select on certain views in the Gold Lakehouse.

 

The expected behavior would be that the users in that group can list the tables and views in the Gold Lakehouse via the SQL Endpoint and read the data from the views they have been granted access to. We would expect that the users can't see the tables and views, nor read the data in the Bronze and Silver Lakehouses.

 

Findings

 

  1. There is a single SQL endpoint for the whole workspace, not one per Lakehouse. We initially were under the impression that each Lakehouse had a separate SQL endpoint. If a Warehouse item is added to the same workspace, it will also share the same SQL endpoint.
  2. Once granted read to one of the Lakehouses, users can see and read data in every other Lakehouse/Warehouse via the SQL endpoint, even if there is no access specifically granted to them to those items.




Message 4 of 6
2,076 Views
PatChan
Helper I
Helper I
In response to fdnavarropecci

‎05-06-2025 11:26 PM

Hi @fdnavarropecci, thanks for your detailed thought process. I am like you where after I ran "GRANT SELECT ON [lakehouse_demo].[dbo].[Customer10] TO [username];", this [username] could see every single tables and views even though we only granted this [username] one view. Have you found a solution to this yet?

Message 5 of 6
855 Views
0
fdnavarropecci
Advocate I
Advocate I
In response to PatChan

‎05-09-2025 03:34 AM

Hi @PatChan , we tested this again and is now working as expected. We suspect it was related to some role assignments that were removed shortly before granting access to the item.

Message 6 of 6
795 Views
AndyDDC
Super User
Super User

‎11-13-2024 01:56 AM

Hi @mramesh further to what @VenuBollineni said, you also need to "share" the lakehouse with the user (or group).  Make sure you don't check any of the options, doing this will only give the user "connect" permissions to the Lakehouse SQL Endpoint.  Then the object level permissions as described by @VenuBollineni will kick in

 

AndyDDC_0-1731491748135.png

 

Message 3 of 6
2,489 Views
VenuBollineni
Advocate I
Advocate I

‎11-13-2024 01:52 AM

Hi @mramesh  Good Day!

For example, to give a specific user access to a view, you can use T-SQL

GRANT SELECT ON [lakehouse_demo].[dbo].[Customer10] TO [username];

VenuBollineni_0-1731491520098.png

 



For doc pls check below
What is the SQL analytics endpoint for a lakehouse? - Microsoft Fabric | Microsoft Learn
Lakehouse sharing and permission management - Microsoft Fabric | Microsoft Learn

Regards,
Venu Bollineni

Message 2 of 6
2,498 Views

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June FBC25 Carousel

Fabric Monthly Update - June 2025

Check out the June 2025 Fabric update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All