Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fabric Data Days Monthly is back. Join us on March 26th for two expert-led sessions on 1) Getting Started with Fabric IQ and 2) Mapping & Spacial Analytics in Fabric. Register now

Reply
sglen
New Member

OneLake security roles via REST API not syncing to SQL analytics endpoint

Thursday

We’re using a script to apply data access roles via the Fabric REST API (PUT /dataAccessRoles). The API returns HTTP 200, and the roles plus members show up correctly via the List API, so the roles are applied on the lakehouse.

 

But the SQL analytics endpoint is not picking up these changes.

 

The ols_ roles do get created in the SQL endpoint, but the members are not synced. As a result, sys.database_role_members stays empty.

 

The sync only seems to trigger when changes are made through the OneLake Security UI in the Fabric portal.

Evidence

  • Our script ran successfully, HTTP 200, all roles with members confirmed via List API

  • SQL endpoint shows ols_ roles created, but zero members in sys.database_role_members

  • After manually removing and re-adding a member via the UI for a role, all members appeared immediately

Impact

New users or groups added via deploy do not get SQL endpoint access until a manual sync is triggered via the UI

Current workaround

Per role in the OneLake Security UI: remove a member, save, add it back, save. This triggers the sync.

 

Can this be investigated and resolved?

Message 1 of 2
152 Views
0
1 REPLY 1
v-echaithra
Community Support
Community Support

Friday

Hi @sglen ,

Based on your findings, this behavior appears to indicate a synchronization gap between OneLake security Data Access Roles applied via API and the SQL Analytics endpoint.

While the PUT /dataAccessRoles API successfully updates the OneLake security metadata as confirmed via the List API, the corresponding role membership is not being propagated to the SQL Analytics endpoint. This is evident from the absence of entries in sys.database_role_members, despite the roles themselves being created.
In contrast, making any modification through the OneLake Security UI triggers an internal process that correctly synchronizes role memberships to the SQL endpoint. This suggests that the UI invokes an additional backend sync mechanism that is currently not triggered by API operations.
Additionally, there is currently no documented API or supported method to explicitly trigger the OneLake > SQL endpoint security sync.
We recommend raising a Microsoft Fabric support ticket with the relevant details workspace, lakehouse, timestamps, and reproduction steps so this can be investigated further by the product team and addressed appropriately.
Please refer below link on how to raise a contact support or support ticket. 
How to create a Fabric and Power BI Support ticket - Power BI | Microsoft Learn 

Regards,
Community Support Team.

Message 2 of 2
101 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

March Fabric Update Carousel

Fabric Monthly Update - March 2026

Check out the March 2026 Fabric update to learn about new features.

View All