You're absolutely right—this limitation can be quite frustrating, especially when trying to maintain a least-privilege access model. It's not as straightforward as it is in Synapse or Data Factory.

To work around this, we’ve adopted a mitigation strategy by introducing an intermediary collaboration workspace. Here's how we approach it:

We start with a primary workspace, for example, contoso_wsp[Dev]. As an admin, I create a secondary workspace named contoso_collaboration_wsp. I then assign contributor users as admins to this collaboration workspace—not to the original one. This setup gives them the permissions needed to create their own development branches or workspaces (e.g., contoso_collaboration_wsp_contributor1, contoso_collaboration_wsp_contributor2, etc.).

Once their work is complete, I review and merge changes from these contributor workspaces back into the main contoso_wsp [Dev].

While it’s a bit of an overhead and certainly not ideal, this structure helps us maintain control over the dev environment while enabling contributor-level users to work independently.

That said, I’d be keen to hear how others are overcoming this challenge and whether there are any updates on how Microsoft Fabric plans to mature its support for DevOps/DataOps and CI/CD workflows.

Hi @ifeanyi , 

Thank you very much for your valuable contribution.

I’d like to better understand how your approach could fit into our setup. Currently, it seems that each user requires at least one dedicated workspace. If you have a collaboration workspace where multiple users are working simultaneously, only one branch can be active at a time.

I’m also curious to explore what happens when a developer is involved in multiple projects. It could become a maintenance challenge if we need to create a separate workspace for each developer and project combination.

I look forward to hearing your thoughts on this.

Hi @hernandezpaulms ,

Thank you for raising these important considerations.

You're absolutely right — there is a potential maintenance challenge when managing multiple workspaces, especially when developers are contributing across several projects. The intention behind our current approach is to allow contributors to branch out from the collaborative workspace, where all users have admin rights. This enables them to create their own isolated workspaces without affecting the main dev branch.

That said, we're still in the experimental phase and are hopeful that the native Git integration in Microsoft Fabric will soon evolve to better support the necessary functionality for contributor roles.

In parallel, we're also exploring an alternative approach where, as an admin of the main dev branch, I create dedicated branches for individual contributors (e.g., feature-x, feature-y, feature-z). Each contributor can then link their personal workspace to their respective feature branch, work independently, and later merge their changes back into the dev branch in a more controlled manner.

Hope this was helpful — I’d be keen to hear how others are approaching this as well.

Thank you for sharing the link to the Microsoft documentation. I have reviewed the resource, and it confirms that workspace roles such as Admin, Member, and Contributor should have the ability to "Branch out to new workspace."

Current Setup:

• As the Fabric Admin, I have enabled the organization-wide setting to allow workspace creation for all users.

Issue Observed:

1. Users with the Contributor role do not have access to the "Branch out to new workspace" option (it remains disabled).

2. When I upgrade the user’s role to Member, the option becomes enabled, but attempting to use it results in an error.

3. The feature functions only when the user is assigned the Admin role, which is not ideal from a security and governance perspective.

Request for Further Assistance:

• Are there additional prerequisites or configurations required beyond the documented settings?

• Could this be a potential issue with role-based permissions or a system limitation?

I would appreciate any further insights or troubleshooting steps to resolve this discrepancy. Thank you in advance for your support!

Verified from my end and I see below documentation from Microsoft, please check below and try to troubleshoot. 

https://learn.microsoft.com/en-us/fabric/cicd/troubleshoot-cicd#branching-out-i-dont-see-the-branch-...

https://learn.microsoft.com/en-us/fabric/cicd/git-integration/manage-branches?tabs=azure-devops#scen...

https://learn.microsoft.com/en-us/fabric/cicd/git-integration/git-integration-process?tabs=Azure%2Cg...

https://learn.microsoft.com/en-us/fabric/cicd/git-integration/conflict-resolution

Hi @ifeanyi ,

Did @AdityaSQLFabric  response resolve your issue?

If yes, please consider marking the helpful reply as the accepted solution. This helps other community members with similar questions find answers more easily.

Thank you for being a valued member of the Microsoft Fabric Community Forum!

Hi @v-aatheeque ,

Thanks for following up. @AdityaSQLFabric response provided useful insights. 

However, some other user have also reported experiencing similar issues, indicating a gap between expected functionality and actual implementation. This concern needs to be raised with the Microsoft Fabric team for further clarification.

You can also check out this discussion:

https://www.skool.com/microsoft-fabric/new-video-3-of-the-dp-700-series-just-launched-on-cicd?p=0d0d... 

Hi @ifeanyi ,

Thanks for highlighting the issue. I also suggest posting it in the Ideas platform so that Microsoft may consider implementing it in the future.
https://ideas.fabric.microsoft.com/ideas/search-ideas/

Feedback submitted through these channels is frequently reviewed by the product teams and can contribute to meaningful improvements.

 If our response addressed by the community member for  your querys, please mark it as Accept Answer and click Yes if you found it helpful.

Thank you for being a part of the Microsoft Fabric Community Forum!
 

Hi @nilendraFabric ,

Thank you for your response. I understand that Contributors have limited permissions compared to Members and Admins. However, the Microsoft Fabric Git integration documentation suggests Contributors should be able to checkout branches and create workspaces as part of the Git workflow.

Could there be additional settings or restrictions causing this, or is the documentation outdated? I’d appreciate further clarification.

Thanks again!

Hello @ifeanyi 

Contributor role can pull updates from Git (“Update from Git”) and push or commit changes (“Commit workspace changes to Git”) only if they have full WRITE rights on all items that need modification. This means:
• The user must be granted the Contributor role in the workspace.
• Their corresponding Git repository permissions should be set to allow both reading (Read=Allow) and contributing (Contribute=Allow) changes.
• Additionally, branch policies must be configured to permit direct commits. If the branch has requirements like pull requests or other controls, those rules must be respected, and direct commits might not be allowed.

see if this is all done and then test it. 

Hi @nilendraFabric ,

Thank you for the detailed explanation. To clarify, I have already assigned the user the Contributor role in the workspace and granted them Project Contributor access to the project from the Azure DevOps Git repository.

I assumed that (Read=Allow) and (Contribute=Allow) permissions would be applied automatically, as this was the case in previous setups where users with the Contributor role in the workspace could perform Git operations without additional configuration.

However, I reviewed the Azure DevOps Git repository settings under Project Settings --> Permissions --> Contributors and did not find the explicit (Read=Allow) option as described in the image below.

Could you please confirm if these permissions are managed elsewhere or if there’s an additional step I might be missing?

Thank you for your support!

Hi @ifeanyi ,

@nilendraFabric  Thanks for your prompt response, In addition to that you can refer below link related to Git repositoty permissions.

Doc : https://learn.microsoft.com/en-us/azure/devops/repos/git/set-git-repository-permissions?view=azure-d...

If this post helps then please consider Accept it as the solution to help the other members find it more quickly.
 
Should you have any further questions, feel free to reach out.
Thank you for being a part of the Microsoft Fabric Community Forum!
 

We are seeing simalar issues all of the sudden since a week or so.
No changes have been done to the repository on devops, so the permissions are still the same and work, if the user has admin role on the workspace.
However before a week ago, the user was contributor and it worked as well, so something has changed but apparently nobody knows...