
mk_sunitha

Custom authorization for API for GraphQL in Microsoft Fabric (Preview)

Author: Sunitha Muthukrishna - Principal Product Manager


Authorizer User Data Functions for API for GraphQL in Microsoft Fabric are now available in preview. It is now easier to add your own authorization rules to a GraphQL API, so you can control access based on the needs of your business. This is especially useful when access decisions depend on custom business rules, user context, or domain-specific policies that go beyond the available permission models.


How it works

  1. A request is sent to your API for GraphQL in Fabric.
  2. Before data is returned, the API calls the Authorizer User Data Function you configured.
  3. The function checks the request context, such as user details, roles, tenant information, or other inputs you choose to evaluate.
  4. Your custom policy logic runs and decides whether the request should be allowed, limited, or denied.
  5. If the request is allowed, the GraphQL operation continues and returns the appropriate data.
  6. If the request does not meet the policy rules, access can be blocked or restricted based on your implementation.


Authorizer User Data Functions can help you deliver secure, policy-aware GraphQL experiences with less custom infrastructure.


[Figure: diagram showing how the policy decision affects the request.]


Getting started


  1. Create a User Data Function item and add a custom authorization function to it. You can use the sample custom authorizer UDF if it meets your needs.
  2. Add the connection to the User Data Function.
  3. Create or use an existing API for GraphQL in Fabric and enable the Authorization feature in its settings.


Use cases

The following are two practical examples of where custom authorization can help:


  • Multi-tenant SaaS application: A software provider exposes customer data through a single GraphQL API, but each customer should only see their own records. The authorizer function can check the tenant ID in the user’s token and make sure the request only accesses data for that tenant. For example, if a user from Contoso signs in, the function can allow access only to Contoso’s orders, invoices, or support cases.
  • Role-based access to sensitive data: An internal business app uses GraphQL to expose employee and finance data, but not every user should see salary or budget details. The authorizer function can inspect the user’s role or group membership and apply different rules before the query runs. For example, an HR manager might be allowed to view compensation fields, while a department lead can only see team headcount and high-level budget totals.
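The decision flow in "How it works" and both use cases above, written out as one policy function. This is an added illustration, not code from the post or from the Fabric sample authorizer UDF: the shape of the request context (a dictionary with the caller's tenant and roles plus the fields and tenant the query asks for) and the shape of the decision it returns are assumptions, and the roles, field names and tenants are constructed sample values. What it shows is the two checks a defender wants in such a function: fail closed on a missing tenant claim, refuse cross-tenant access outright, and narrow the result for a caller whose roles do not unlock the sensitive fields.

```python
"""Hypothetical authorizer policy for an API for GraphQL in Fabric.

Added example. The context and decision shapes below are assumptions,
not the Fabric authorizer contract; all sample values are constructed.
"""
from dataclasses import dataclass, field

# Fields that only specific roles may read (constructed sample policy).
SENSITIVE_FIELDS = {"salary", "compensation", "budgetDetail"}

# Sensitive fields each role unlocks (constructed sample mapping).
# A department lead unlocks nothing sensitive; headcount and budgetTotal
# are not in SENSITIVE_FIELDS, so they remain visible to that role.
ROLE_FIELD_GRANTS = {
    "HRManager": {"salary", "compensation", "budgetDetail"},
    "DepartmentLead": set(),
}


@dataclass
class Decision:
    """Outcome handed back to the GraphQL layer (assumed shape)."""
    allowed: bool
    reason: str
    denied_fields: frozenset = frozenset()     # fields to strip from the query
    tenant_filter: dict = field(default_factory=dict)  # row filter to enforce


def authorize(context: dict) -> Decision:
    """Evaluate a request context and return an allow/restrict/deny decision."""
    user = context.get("user") or {}
    tenant = user.get("tenantId")
    roles = set(user.get("roles", []))
    requested_fields = set(context.get("requestedFields", []))
    requested_tenant = context.get("requestedTenantId")

    # Fail closed: a caller with no tenant claim cannot be scoped, so deny.
    if not tenant:
        return Decision(False, "missing tenant claim")

    # Multi-tenant isolation: a request must never reach another tenant's rows.
    if requested_tenant is not None and requested_tenant != tenant:
        return Decision(False, f"cross-tenant access to {requested_tenant} denied")

    # Role-based field restriction: strip sensitive fields the roles do not unlock.
    granted = set()
    for role in roles:
        granted |= ROLE_FIELD_GRANTS.get(role, set())
    denied = frozenset(
        f for f in requested_fields if f in SENSITIVE_FIELDS and f not in granted
    )

    return Decision(
        True,
        "restricted" if denied else "allowed",
        denied_fields=denied,
        tenant_filter={"tenantId": tenant},  # always pin reads to the caller's tenant
    )


# Constructed sample contexts, one per use case in the post.
SAMPLE_CONTEXTS = {
    "hr_manager": {
        "user": {"tenantId": "contoso", "roles": ["HRManager"]},
        "requestedTenantId": "contoso",
        "requestedFields": ["salary", "headcount"],
    },
    "dept_lead": {
        "user": {"tenantId": "contoso", "roles": ["DepartmentLead"]},
        "requestedTenantId": "contoso",
        "requestedFields": ["salary", "headcount", "budgetTotal"],
    },
    "cross_tenant": {
        "user": {"tenantId": "fabrikam", "roles": ["HRManager"]},
        "requestedTenantId": "contoso",
        "requestedFields": ["salary"],
    },
    "no_tenant": {"user": {"roles": ["HRManager"]}, "requestedFields": ["salary"]},
}

if __name__ == "__main__":
    for name, ctx in SAMPLE_CONTEXTS.items():
        print(name, authorize(ctx))
```

The function never decides "allowed" without also attaching a tenant filter, so even a fully privileged caller is pinned to their own tenant; restriction is expressed as a list of fields to strip rather than a hard deny, which matches the post's "allowed, limited, or denied" outcomes.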


Conclusion

Authorizer User Data Functions give you a practical way to apply custom access rules to API for GraphQL in Fabric, without adding more custom infrastructure. If you need authorization that reflects your business logic, tenant model, or role requirements, this public preview is a good place to start.


Try out the feature, test it with your own policies, and see how it can help you build more secure GraphQL APIs in Fabric. To learn more, refer to the Microsoft Fabric API for GraphQL overview documentation.