Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
Krumelur
Microsoft Employee
Microsoft Employee

Permission requirements for OneLake Shortcuts

‎06-26-2024 11:47 AM

I'm trying to understand what permissions are required in a shortcut-to-shortcut-to-ADLS2 scenario.

Please refer to the image.

 

I observe that "partners" are unable to use the shortcuts in "PartnerLakehouse", which are pointing to shortcuts in "GoldLakehouse", which are pointing to blobs in ADLS2.

 

The error message I see indicates that partners do not have permissions on GoldLakehouse. And they should not. They should only have access the PartnerLakehouse. Are the shortcuts that are pointing to shortcuts not using a delegated model?

 

What permissions do I need to grant partners to make my scenario work? Note: I do not want to add any permissions to partners at workspace level but only on Lakehouse, if that's a reuirement.

 

Krumelur_0-1719427436234.png

 

Labels:
Message 1 of 4
1,863 Views
0
1 ACCEPTED SOLUTION
Krumelur
Microsoft Employee
Microsoft Employee

‎07-09-2024 12:15 AM

The problem is/was: when creating shortcuts to something that points to ADLS2, the current user's permissions are used. In other words: if Alice creates a shortcut from from Lakehouse A to Lakehouse B and Bob uses the shortcut, Bob's permissions will be applied, not Alice's.

This is true all the way down to where the shortcut ultimately points to an external ADLS2 via a connection. At this point, the permissions of the connection will be used (SPN, OAuth, ...).

 

https://learn.microsoft.com/en-us/fabric/onelake/security/data-access-control-model#onelake-rbac-in-...

View solution in original post

Message 4 of 4
1,741 Views
0
3 REPLIES 3
Krumelur
Microsoft Employee
Microsoft Employee

‎07-09-2024 12:15 AM

The problem is/was: when creating shortcuts to something that points to ADLS2, the current user's permissions are used. In other words: if Alice creates a shortcut from from Lakehouse A to Lakehouse B and Bob uses the shortcut, Bob's permissions will be applied, not Alice's.

This is true all the way down to where the shortcut ultimately points to an external ADLS2 via a connection. At this point, the permissions of the connection will be used (SPN, OAuth, ...).

 

https://learn.microsoft.com/en-us/fabric/onelake/security/data-access-control-model#onelake-rbac-in-...

Message 4 of 4
1,742 Views
0
v-cboorla-msft
Microsoft Employee
Microsoft Employee

‎06-26-2024 10:40 PM

Hi @Krumelur 

 

Thanks for using Microsoft Fabric Community.

Apologize for the inconvenience.

The best course of action is to open a support ticket, It's highly recommended that you reach out to our support team. Their expertise will be invaluable in suggesting the most appropriate approach.

Please reach out to our support team Microsoft Fabric Support and Status | Microsoft Fabric.

After creating a Support ticket please provide the ticket number as it would help us to track for more information.

 

Thank you.

Message 2 of 4
1,817 Views
0
v-cboorla-msft
Microsoft Employee
Microsoft Employee
In response to v-cboorla-msft

‎06-30-2024 10:59 PM

hi @Krumelur 

 

We haven’t heard from you on the last response and was just checking back to see if you've had a chance to submit a support ticket. If you have, a reference to the ticket number would be greatly appreciated. This will allow us to track the progress of your request and ensure you receive the most efficient support possible.

 

Thank you.

Message 3 of 4
1,779 Views
0

Helpful resources

Announcements
December Fabric Update Carousel

Fabric Monthly Update - December 2025

Check out the December 2025 Fabric Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All