Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
Ayush05-gateway
Helper I
Helper I

Guidance on Securing Fabric Data Warehouse and Workspace Access

‎07-30-2025 07:34 AM

Hi Community,

I'm seeking advice on how to securely configure access to a Microsoft Fabric Data Warehouse and its associated workspace.

Business Context:
Business users with SQL and Power BI expertise would like to directly connect to the Fabric Data Warehouse for reporting and analysis.

Challenge:
In our current Synapse setup, we manage access by creating SQL users through SSMS and assigning roles that provide limited access to specific schemas and tables.

However, in Fabric Data Warehouse, this approach doesn’t fully meet our needs. To enable access, we must grant both Read/ReadAll  permissions at the Data Warehouse item level and Viewer permissions at the workspace level. This raises a concern: granting workspace-level access exposes users to other assets—such as pipelines and notebooks—which we prefer to keep restricted.

Our objective is to allow users to connect via SSMS, Power BI, or tools like Alteryx, with access limited strictly to authorized schemas and tables—without exposing other workspace artifacts.

Request:
I’d appreciate any solutions, best practices, or recommendations to enforce more granular, secure access to the Fabric Data Warehouse without compromising the overall workspace security.

Thanks in advance!

Labels:
Message 1 of 5
449 Views
0
1 ACCEPTED SOLUTION
NandanHegde
Super User
Super User

‎07-30-2025 08:33 AM

NandanHegde_0-1753889486504.png

via manage permission, add the group at warehouse by deselecting all permissions and then execute the Grant select query.

The manage permission would give connect rights on the warehouse




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com

View solution in original post

Message 4 of 5
431 Views
0
4 REPLIES 4
Ayush05-gateway
Helper I
Helper I

‎07-30-2025 10:05 AM

Thanks Nandan. it works now. Issue probably was with role which did not work. GRanting direct perms at AD level works. 

Message 5 of 5
422 Views
NandanHegde
Super User
Super User

‎07-30-2025 08:33 AM

NandanHegde_0-1753889486504.png

via manage permission, add the group at warehouse by deselecting all permissions and then execute the Grant select query.

The manage permission would give connect rights on the warehouse




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 4 of 5
432 Views
0
NandanHegde
Super User
Super User

‎07-30-2025 07:45 AM

There is no need to grant viewer access at workspace level to grant read access on fabric warehouse.

 

You can grant access directly on fabric warehouse via Grant commands:

https://learn.microsoft.com/en-us/fabric/data-warehouse/sql-granular-permissions




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 2 of 5
441 Views
0
Ayush05-gateway
Helper I
Helper I
In response to NandanHegde

‎07-30-2025 08:19 AM

Hi Nandan, thanks for your quick reply. Grant was provided but it did not help. Below were the commands executed, might help to find the issue.

 

GRANT select ON SCHEMA::GWODS TO db_PowerUser;
EXEC sp_addrolemember 'db_PowerUser', '<MS Entra AD Group>'

 

Where db_PowerUser is DB role and MS Entra AD Group is group created to manage users that need such access.

Message 3 of 5
438 Views
0

Helpful resources

Announcements
Fabric July 2025 Monthly Update Carousel

Fabric Monthly Update - July 2025

Check out the July 2025 Fabric update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All