Hi @AnHell 

You can’t hide schemas by default in Fabric SQL Database. When a user gets Warehouse Read access, they can see all schemas even if SELECT is denied.
The recommended workaround is to REVOKE SELECT at the database level, then GRANT SELECT only on the schemas you want, ideally via database roles so it scales.
Schema-level visibility control is not fully supported yet.

Best regards 

Nabha ahmed

Hi @AnHell, 

For now, no, Fabric Warehouse does NOT support a “deny everything by default” model.

Once a user has Read access to the Warehouse, they can see all schemas, even if you deny permissions.

Microsoft’s official guidance for Warehouse permissions is:

👉Use database roles to group object privileges

You create a role such as:

CREATE ROLE schema_reader;
GRANT SELECT ON SCHEMA::TargetSchema TO schema_reader;
EXEC sp_addrolemember 'schema_reader', 'yourUser';

Workarounds : 

Option 1 : Create multiple Warehouses

If isolation is important:

• Put sensitive schemas into separate Warehouses

• Give users access only to the relevant Warehouse

  This is the cleanest and most secure solution in Fabric today. Warehouses are “cheap” because storage is OneLake (shared).

Option 2 : Use Views + Deny real tables

If you want users to see ONLY what you expose:

1. Create a presentation schema

2. Expose views only

Deny access to the underlying schemas

Option 3 : Continue using DENY but automate it

If you must keep a single Warehouse:

• Generate DENY statements dynamically

• Run them via a pipeline or stored procedure

✔ To restrict access:

• Use DENY (scalable with automation), or

• Use multiple Warehouses to isolate schemas, or

Use views + deny underlying tables.

References : 

- https://learn.microsoft.com/en-us/fabric/data-warehouse/security

- https://learn.microsoft.com/en-us/fabric/data-warehouse/sql-granular-permissions

- https://learn.microsoft.com/en-us/fabric/data-warehouse/share-warehouse-manage-permissions

Hope it can help you ! 

Best regards,

Antoine