Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We've captured the moments from FabCon & SQLCon that everyone is talking about, and we are bringing them to the community, live and on-demand. Starts on April 14th. Register now

Reply
Ayush05-gateway
Helper II
Helper II

Guidance on Securing Fabric Data Warehouse and Workspace Access

‎07-30-2025 07:34 AM

Hi Community,

I'm seeking advice on how to securely configure access to a Microsoft Fabric Data Warehouse and its associated workspace.

Business Context:
Business users with SQL and Power BI expertise would like to directly connect to the Fabric Data Warehouse for reporting and analysis.

Challenge:
In our current Synapse setup, we manage access by creating SQL users through SSMS and assigning roles that provide limited access to specific schemas and tables.

However, in Fabric Data Warehouse, this approach doesn’t fully meet our needs. To enable access, we must grant both Read/ReadAll  permissions at the Data Warehouse item level and Viewer permissions at the workspace level. This raises a concern: granting workspace-level access exposes users to other assets—such as pipelines and notebooks—which we prefer to keep restricted.

Our objective is to allow users to connect via SSMS, Power BI, or tools like Alteryx, with access limited strictly to authorized schemas and tables—without exposing other workspace artifacts.

Request:
I’d appreciate any solutions, best practices, or recommendations to enforce more granular, secure access to the Fabric Data Warehouse without compromising the overall workspace security.

Thanks in advance!

Labels:
Message 1 of 5
2,534 Views
0
1 ACCEPTED SOLUTION
NandanHegde
Super User
Super User

‎07-30-2025 08:33 AM

NandanHegde_0-1753889486504.png

via manage permission, add the group at warehouse by deselecting all permissions and then execute the Grant select query.

The manage permission would give connect rights on the warehouse




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com

View solution in original post

Message 4 of 5
2,516 Views
0
4 REPLIES 4
Ayush05-gateway
Helper II
Helper II

‎07-30-2025 10:05 AM

Thanks Nandan. it works now. Issue probably was with role which did not work. GRanting direct perms at AD level works. 

Message 5 of 5
2,507 Views
NandanHegde
Super User
Super User

‎07-30-2025 08:33 AM

NandanHegde_0-1753889486504.png

via manage permission, add the group at warehouse by deselecting all permissions and then execute the Grant select query.

The manage permission would give connect rights on the warehouse




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 4 of 5
2,517 Views
0
NandanHegde
Super User
Super User

‎07-30-2025 07:45 AM

There is no need to grant viewer access at workspace level to grant read access on fabric warehouse.

 

You can grant access directly on fabric warehouse via Grant commands:

https://learn.microsoft.com/en-us/fabric/data-warehouse/sql-granular-permissions




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 2 of 5
2,526 Views
0
Ayush05-gateway
Helper II
Helper II
In response to NandanHegde

‎07-30-2025 08:19 AM

Hi Nandan, thanks for your quick reply. Grant was provided but it did not help. Below were the commands executed, might help to find the issue.

 

GRANT select ON SCHEMA::GWODS TO db_PowerUser;
EXEC sp_addrolemember 'db_PowerUser', '<MS Entra AD Group>'

 

Where db_PowerUser is DB role and MS Entra AD Group is group created to manage users that need such access.

Message 3 of 5
2,523 Views
0

Helpful resources

Announcements
FabCon and SQLCon Highlights Carousel

FabCon &SQLCon Highlights

Experience the highlights from FabCon & SQLCon, available live and on-demand starting April 14th.

New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

March Fabric Update Carousel

Fabric Monthly Update - March 2026

Check out the March 2026 Fabric update to learn about new features.

View All