Solved: [Microsoft Fabric] Workspace/Artifacts Acces/Right...

MathieuSGA · ‎06-30-2025

We have a situation here and we can't quite master/understand the best way to achieve what we want to do...

In one `ws_fabric` workspace, let's say we have the following tree:

ws_fabric_bi
   |- topic_A (emp)
      |- SemAndReport
         |- sem_a
         |- report_a
   |- topic_B (ludivine)
      |- SemAndReport
         |- sem_b
         |- report_b

Let's say we have two list of users:
* `list_a`: through an audience, only them should be able to view 'report_a'
* `list_b`: should be able to:
- import 'report_b' to be able to modify/add visuals in 'Power BI Desktop'
- publish back to 'ws_fabric_bi'
(- **without** having access to 'topic_A')

PS: We did not want to disrupt the solution you guys could provide by throwing hypothesis we add but...is using 'Sensitivity Label' a "best_practice" enabler ?

lbendlin · ‎06-30-2025

(- **without** having access to 'topic_A')

Impossible in a single workspace. Use separate workspaces.

View solution in original post

v-prasare · ‎07-08-2025

Hi @MathieuSGA,

we haven't heard back from you regarding our last response and wanted to check if your issue has been resolved.

If our response addressed by the community member for your query, please mark it as Accept Answer and click Yes if you found it helpful.

Should you have any further questions, feel free to reach out.
Thank you for being a part of the Microsoft Fabric Community Forum!

jennratten · ‎07-02-2025

I agree with @lbendlin. The best way to meet this need is to create separate workspaces.

At this time, there is not a way to allow a user to edit the visuals of a published report without also allowing them to see all other reports in the workspace. Based on this requirement, the minimum permission needed by list_b is workspace contributor. With this permission, they also inherit access to the PowerBI app (and app audiences) for the workspace. While sensitivity labels enhance governance by allowing for auditing, the classification of content, protecting exported data, etc. they don't control artifact visibility.

v-prasare · ‎07-01-2025

Hi @MathieuSGA,

Thanks for participating in MS fabric community.

@lbendlin, Thanks for your prompt response.

Can you refer to below and explore workspace roles + dataset permissions + item-level security in fabric workspaces: https://learn.microsoft.com/en-us/fabric/fundamentals/roles-workspaces

Role	Permissions
Admin	Full control: manage access, delete items, publish, etc.
Member	Can edit all content, create new content, but can't manage workspace access
Contributor	Can create/edit content (pipelines, datasets, notebooks), can't delete workspace
Viewer	Read-only: Can view content, run reports, but can’t edit anything

Thanks,

Prashanth Are

MS Fabric community support

If this helps resolve your question, please mark accept asanswer by soing this users with similar questions find answers easily.

lbendlin · ‎06-30-2025

(- **without** having access to 'topic_A')

Impossible in a single workspace. Use separate workspaces.

MathieuSGA · ‎07-09-2025

@v-prasare , @jennratten Thanks to you also since you also pointed to the same direction.
Good day to you all.

[Microsoft Fabric] Workspace/Artifacts Acces/Rights

Helpful resources

Fabric Monthly Update - December 2025

FabCon Atlanta 2026

FabCon is coming to Atlanta

[Microsoft Fabric] Workspace/Artifacts Acces/Rights

Helpful resources

Fabric Monthly Update - December 2025

FabCon Atlanta 2026