wardy912
Super User

Warehouse security when using Direct Lake models

Hi Everyone,

I have a warehouse that contains 2 schemas, support and finance.
I've built 2 Direct Lake models using the OneLake connector.

I am using item level permissions to ensure security.

It's my understanding that the users can only view the reports if they have 'read' and 'readall' item level permissions on the warehouse.

I'm trying to add granular permissions in T-SQL to prevent one group of users from accessing the finance schema, but it seems that the required item level permission 'readall' negates the rules I've added.

If a user gets access to a Fabric capacity and creates a lakehouse, they can create a shortcut to the data that should be restricted.

Has anyone faced this issue and managed to resolve it? Is my only option creating separate warehouses?

1 ACCEPTED SOLUTION
wardy912
Super User

I have received information from the OneLake security team stating that they are actively working on a warehouse solution. In the meantime, I'll need to create a separate warehouse for each schema to ensure security.


5 REPLIES

v-shchada-msft
Community Support

Hi @wardy912,

Thank you for reaching out to the Microsoft Fabric Community Forum, and thanks to @tayloramy for sharing helpful insights.

Just checking in, were you able to resolve the issue using any of the suggestions provided? If not, please feel free to share an update, and we'll be happy to assist further.

Your feedback will also help others facing similar challenges.
Thank you!

wardy912
Super User

Thanks @tayloramy,

That makes sense, it's too late to go back to SQL endpoint now.
ReadAll seems to be essential to use OneLake connection.

Hi @wardy912

Yeah, security on warehouses leaves something to be desired for sure.

For this reason I tend to use Lakehouses for all my stuff, then you can use OneLake Security and everything is fairly consistent.










tayloramy
Super User

Hi @wardy912

You shouldn't need to grant readall if you have granted granular item level security on the tables in your warehouse.

Note that if the permissions are applied on the TSQL level, then you will need to use DirectLake on SQL, not DirectLake on OneLake.









