Navsharma
Frequent Visitor

SQL analytical endpoint CLS

Hi Team,

I am trying to implement column-level security on lakehouse tables using the SQL endpoint. I am using the command mentioned in Microsoft Learn:

GRANT SELECT ON YourSchema.YourTable 
(Column1, Column2, Column3, Column4, Column5) 
TO [User01];

User01 has 'Member' permission at the workspace level. To test the functionality, we are trying to access the columns that the user doesn't have access to through notebooks and the SQL endpoint, but User01 is still able to access all the columns. Any idea what is wrong with this approach?

 

Thanks!

1 ACCEPTED SOLUTION
Anonymous
Not applicable

Hi @Navsharma ,

When the workspace permission is Admin, Member, or Contributor, it will override the column-level security permission. This provides them access to all items within the workspace.

If they primarily require read-only access, assign them to the Viewer role and grant read access on specific objects through T-SQL. For more information, see Manage SQL granular permissions.

Other users, who only need access to an individual warehouse or require access to only specific SQL objects, should be given Fabric Item permissions and granted access through SQL to the specific objects.
You can manage permissions on Microsoft Entra ID (formerly Azure Active Directory) groups, as well, rather than adding each specific member.

 

Best Regards,

Ada Wang

If this post helps, then please consider accepting it as the solution to help other members find it more quickly.
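An added example, not part of the original posts and not Microsoft's own code: the column-scoped grant from the question followed by catalog queries that show what is actually recorded, so a column grant that is being overridden or duplicated can be spotted. It assumes User01 holds only the Viewer role (or item-level permissions) as the answer recommends; `Column6` is a hypothetical stand-in for any column left out of the grant.

```sql
-- Placeholders from the question: YourSchema.YourTable, Column1..Column5, [User01].
-- Assumption: User01 is NOT Admin/Member/Contributor on the workspace,
-- since those roles override column-level grants.

-- 1. Column-scoped grant, as in the question.
GRANT SELECT ON YourSchema.YourTable
    (Column1, Column2, Column3, Column4, Column5)
TO [User01];

-- 2. Audit every column-level permission in this database.
--    For object permissions (class = 1), minor_id > 0 is the column_id.
SELECT  pr.name        AS principal_name,
        pr.type_desc   AS principal_type,
        pe.state_desc  AS grant_state,        -- GRANT or DENY
        pe.permission_name,
        s.name         AS schema_name,
        o.name         AS table_name,
        c.name         AS column_name
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN    sys.objects              AS o  ON o.object_id  = pe.major_id
JOIN    sys.schemas              AS s  ON s.schema_id  = o.schema_id
JOIN    sys.columns              AS c  ON c.object_id  = pe.major_id
                                      AND c.column_id  = pe.minor_id
WHERE   pe.class = 1
  AND   pe.minor_id > 0
ORDER BY pr.name, s.name, o.name, c.column_id;

-- 3. Table-wide SELECT grants (minor_id = 0) on the same objects.
--    A principal listed here can read every column regardless of step 1.
SELECT  pr.name       AS principal_name,
        pe.state_desc AS grant_state,
        s.name        AS schema_name,
        o.name        AS table_name
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN    sys.objects              AS o  ON o.object_id  = pe.major_id
JOIN    sys.schemas              AS s  ON s.schema_id  = o.schema_id
WHERE   pe.class = 1
  AND   pe.minor_id = 0
  AND   pe.permission_name = 'SELECT';

-- 4. Run these two in a separate session connected as User01.
SELECT Column1, Column2 FROM YourSchema.YourTable;  -- expected to succeed
SELECT Column6 FROM YourSchema.YourTable;           -- expected: SELECT permission denied on the column
```

If the last query still returns rows for User01, check the user's workspace role first, then the output of step 3.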


3 REPLIES 3
Navsharma
Frequent Visitor

@Anonymous: That makes sense. Also, another thing: when we are setting up CLS on lakehouse Delta tables, will it work if I use a Direct Lake connection for PBI reports, or does the user have to use import mode?

Anonymous
Not applicable

Hi @Navsharma ,

Column-level security only applies to queries on a Warehouse or SQL analytics endpoint in Fabric. Power BI queries on a warehouse in Direct Lake mode will fall back to Direct Query mode to abide by column-level security.

 

Best Regards,

Ada Wang

If this post helps, then please consider accepting it as the solution to help other members find it more quickly.

 
