Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes! Register now.

Reply
Ayush05-gateway
Helper I
Helper I

Guidance on Securing Fabric Data Warehouse and Workspace Access

‎07-30-2025 07:34 AM

Hi Community,

I'm seeking advice on how to securely configure access to a Microsoft Fabric Data Warehouse and its associated workspace.

Business Context:
Business users with SQL and Power BI expertise would like to directly connect to the Fabric Data Warehouse for reporting and analysis.

Challenge:
In our current Synapse setup, we manage access by creating SQL users through SSMS and assigning roles that provide limited access to specific schemas and tables.

However, in Fabric Data Warehouse, this approach doesn’t fully meet our needs. To enable access, we must grant both Read/ReadAll  permissions at the Data Warehouse item level and Viewer permissions at the workspace level. This raises a concern: granting workspace-level access exposes users to other assets—such as pipelines and notebooks—which we prefer to keep restricted.

Our objective is to allow users to connect via SSMS, Power BI, or tools like Alteryx, with access limited strictly to authorized schemas and tables—without exposing other workspace artifacts.

Request:
I’d appreciate any solutions, best practices, or recommendations to enforce more granular, secure access to the Fabric Data Warehouse without compromising the overall workspace security.

Thanks in advance!

Labels:
Message 1 of 5
1,007 Views
0
1 ACCEPTED SOLUTION
NandanHegde
Super User
Super User

‎07-30-2025 08:33 AM

NandanHegde_0-1753889486504.png

via manage permission, add the group at warehouse by deselecting all permissions and then execute the Grant select query.

The manage permission would give connect rights on the warehouse




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com

View solution in original post

Message 4 of 5
989 Views
0
4 REPLIES 4
Ayush05-gateway
Helper I
Helper I

‎07-30-2025 10:05 AM

Thanks Nandan. it works now. Issue probably was with role which did not work. GRanting direct perms at AD level works. 

Message 5 of 5
980 Views
NandanHegde
Super User
Super User

‎07-30-2025 08:33 AM

NandanHegde_0-1753889486504.png

via manage permission, add the group at warehouse by deselecting all permissions and then execute the Grant select query.

The manage permission would give connect rights on the warehouse




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 4 of 5
990 Views
0
NandanHegde
Super User
Super User

‎07-30-2025 07:45 AM

There is no need to grant viewer access at workspace level to grant read access on fabric warehouse.

 

You can grant access directly on fabric warehouse via Grant commands:

https://learn.microsoft.com/en-us/fabric/data-warehouse/sql-granular-permissions




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 2 of 5
999 Views
0
Ayush05-gateway
Helper I
Helper I
In response to NandanHegde

‎07-30-2025 08:19 AM

Hi Nandan, thanks for your quick reply. Grant was provided but it did not help. Below were the commands executed, might help to find the issue.

 

GRANT select ON SCHEMA::GWODS TO db_PowerUser;
EXEC sp_addrolemember 'db_PowerUser', '<MS Entra AD Group>'

 

Where db_PowerUser is DB role and MS Entra AD Group is group created to manage users that need such access.

Message 3 of 5
996 Views
0

Helpful resources

Announcements
September Fabric Update Carousel

Fabric Monthly Update - September 2025

Check out the September 2025 Fabric update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All