If I create a shortcut in a Fabric Lakehouse, pointing at a target path in another Fabric Lakehouse, do I need to give users read permission to the target path?
Below is what I find from MS documentation. As far as I know, there are only two ways to share a shortcut in Lakehouse with others:
1. give workspace access
2. give readdata or readall permission rights to the Lakehouse
In both ways, the user will have SQL endpoint access to the lakehouse, which means the second bullet point will apply, i.e., the user doesn't need read permission to the target path. Is that correct? If that's correct, I assume the same applies to a shortcut created in Warehouse.
https://learn.microsoft.com/en-us/fabric/onelake/onelake-shortcuts
Hi @Jeanxyz,
Access via Spark/Files/Notebooks (lake side): The caller’s own identity is used on the target path, so users must have read permissions on the target location in addition to access to the lakehouse with the shortcut. Docs
Access via SQL endpoint or Power BI semantic model: The item owner’s identity is delegated to the target. End users do not need target-path permissions; they only need permissions on the calling item, while the owner must have access to the target.
Most restrictive wins: Effective permissions are constrained by both the shortcut path and the target path (e.g., no writes if either side lacks write). Docs
Warehouse parity: For Warehouse shortcuts accessed via T-SQL, granting readers Read all data using SQL is sufficient, provided the Warehouse owner can read the target. Docs
If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution.
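The identity rules in the answer above, as an added example that is not part of the original post and does not call any Fabric API: a simplified model that shows which users reach target data only through the owner's delegated identity, which is the set to review when the target holds restricted data. The class, function names, the two rights and the sample accounts are all hypothetical.

```python
from dataclasses import dataclass

LAKE = "lake"  # Spark / Files / notebooks: caller's own identity reaches the target
SQL = "sql"    # SQL endpoint / semantic model: item owner's identity is delegated


@dataclass(frozen=True)
class Shortcut:
    owner: str
    item_perms: dict    # user -> rights on the item that holds the shortcut
    target_perms: dict  # user -> rights on the shortcut's target path


def effective(sc, user, engine):
    """Rights `user` ends up with on the target data through `engine`."""
    on_item = sc.item_perms.get(user, set())
    # The identity presented to the target depends on the access path.
    presented = user if engine == LAKE else sc.owner
    on_target = sc.target_perms.get(presented, set())
    # Most restrictive wins: a right must be held on both sides.
    return on_item & on_target


def delegated_only_readers(sc):
    """Users who can read target data via SQL with no read right on the target."""
    return sorted(
        u for u in sc.item_perms
        if u != sc.owner
        and "read" in effective(sc, u, SQL)
        and "read" not in sc.target_perms.get(u, set())
    )


# Constructed sample data (not real accounts or real permission names).
SAMPLE = Shortcut(
    owner="owner@example.com",
    item_perms={
        "owner@example.com": {"read", "write"},
        "analyst@example.com": {"read"},
        "engineer@example.com": {"read", "write"},
    },
    target_perms={
        "owner@example.com": {"read"},
        "engineer@example.com": {"read", "write"},
    },
)

if __name__ == "__main__":
    for user in SAMPLE.item_perms:
        print(user, {e: sorted(effective(SAMPLE, user, e)) for e in (LAKE, SQL)})
    print("delegated-only readers:", delegated_only_readers(SAMPLE))
```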
Thank you so much for the thorough explanation. I totally forgot access via Spark notebooks. I also notice that when I give users permission via OneLake access, I receive a warning that the user must have read access to the target path first.