Hi there,
I have enabled the Fabric link to Dataverse from our D365 CRM Dataverse tables. I was expecting that the security concept would be taken over to the lakehouse, which obviously is not the case.
That means, in our case, that a user who is assigned to a specific business unit in CRM would see in the lakehouse the data of all business units.
Has anybody already solved this kind of problem?
Thanks,
Marko
Hi @Marko33 ,
I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions. If my response has addressed your query, please accept it as a solution and give a 'Kudos' so other members can easily find it.
Thank you.
Hi @Marko33 ,
Thank you for reaching out to us on the Microsoft Fabric Community Forum.
As mentioned, when linking Dataverse to Microsoft Fabric, the security model does not automatically carry over, and there's no native way to replicate the complex security structures such as business units and row-level security (RLS) directly. However, @nilendraFabric's suggestions are great ways to achieve similar behavior in the Fabric lakehouse.
Although these workarounds don’t fully automate the transfer of security from Dataverse to the lakehouse, they offer a reliable way to manage access control and ensure that users only have visibility into the data they’re authorized to see, based on their business unit or role.
If this post was helpful, please give us Kudos and consider marking Accept as solution to assist other members in finding it more easily.
Regards,
Menaka.
Hello @Marko33
When linking Dataverse to Microsoft Fabric, the security model from Dataverse is not automatically replicated in the lakehouse. This means that the row-level security and business unit restrictions that exist in Dataverse are not enforced in the Fabric lakehouse by default.
It means there is no direct way at the moment to migrate the security model from Dataverse. But you can try mimicking the behavior by:
- Defining RLS roles that correspond to your Dataverse business units
- Creating views or stored procedures in the Fabric SQL endpoint that filter data based on the user's business unit
- Using AAD groups that mirror your Dataverse business unit structure
Hope this makes sense.
Please accept this answer if this is helpful and give kudos.
Hi @nilendraFabric, thanks for your answer.
When you say define RLS roles, where do they need to be defined? I think it is only possible if I create a dedicated Warehouse, or is there any other suggestion?
Hello @Marko33
RLS is applied at the database tier, specifically in the Fabric Warehouse or SQL analytics endpoint.
While a dedicated Warehouse provides a centralized and scalable environment for implementing RLS, you can also define RLS on the SQL analytics endpoint linked to a Lakehouse. Both options support RLS configurations.
Please accept this solution if it answered the question.
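The RLS approach described in the answers above, as an added example that is not part of any post in this thread: a T-SQL filter predicate on the SQL analytics endpoint that shows a user only the rows owned by their own business unit. The table and column names (`dbo.account`, `dbo.systemuser`, `owningbusinessunit`, `businessunitid`, `domainname`), the `Security` schema and the object names are assumptions; check them against the tables your Dataverse link actually exposes.

```sql
-- Added example. Assumes the linked Dataverse tables dbo.account and
-- dbo.systemuser are visible on the SQL analytics endpoint, that GUID columns
-- arrive as strings, and that systemuser.domainname holds the user's UPN.
CREATE SCHEMA Security;
GO

-- Predicate function: returns a row (access granted) only when the business
-- unit that owns the data row is the business unit of the calling user.
-- USER_NAME() returns the signed-in user's name for the current session.
CREATE FUNCTION Security.fn_business_unit_predicate (@OwningBusinessUnit AS varchar(36))
    RETURNS TABLE
WITH SCHEMABINDING
AS
    RETURN
        SELECT 1 AS fn_business_unit_predicate_result
        FROM dbo.systemuser AS su
        WHERE su.domainname = USER_NAME()
          AND su.businessunitid = @OwningBusinessUnit;
GO

-- Bind the predicate to the table. With STATE = ON, every SELECT against
-- dbo.account through this endpoint is silently filtered by the function.
-- Users with no matching systemuser row see zero rows (deny by default).
CREATE SECURITY POLICY Security.BusinessUnitFilter
ADD FILTER PREDICATE Security.fn_business_unit_predicate(owningbusinessunit)
ON dbo.account
WITH (STATE = ON);
GO

-- Verification, run while signed in as a restricted test user:
-- the result should contain only that user's business unit.
SELECT owningbusinessunit, COUNT(*) AS rows_visible
FROM dbo.account
GROUP BY owningbusinessunit;
```

This covers only the "own business unit" case, not Dataverse's parent/child business unit access levels, team ownership or record sharing. The policy is enforced only for queries that go through the SQL endpoint, so users who hold a workspace role that lets them read the lakehouse files directly are not restricted by it.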