Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Next up in the FabCon + SQLCon recap series: The roadmap for Microsoft SQL and Maximizing Developer experiences in Fabric. All sessions are available on-demand after the live show. Register now

Reply
SSAGAR
New Member

How to share a single lakehouse within a workspace

‎02-05-2025 10:27 AM

Use Case and Setup Description

 

We have a workspace with three Lakehouse items: Bronze, Silver and Gold.

 

We want to expose certain views on the gold layer as a data product.

 

The access should be granted only  to users that belong to a given AD Group. 

 

The group is granted Read access to the Lakehouse Item. No ReadData or ReadAll permissions are given.

 

The group does not have any roles assigned at workspace level.

The group is in addition granted select on certain views in the Gold Lakehouse.

 

The expected behavior would be that the users in that group can list the tables and views in the Gold Lakehouse via the SQL Endpoint and read the data from the views they have been granted access to. We would expect that the users can't see the tables and views, nor read the data in the Bronze and Silver Lakehouses.

 

Findings

 

  1. There is a single SQL endpoint for the whole workspace, not one per Lakehouse. We initially were under the impression that each Lakehouse had a separate SQL endpoint. If a Warehouse item is added to the same workspace, it will also share the same SQL endpoint.
  2. Once granted read to one of the Lakehouses, users can see and read data in every other Lakehouse/Warehouse via the SQL endpoint, even if there is no access specifically granted to them to those items.

Can you please help us out here?

Labels:
Message 1 of 5
2,002 Views
0
1 ACCEPTED SOLUTION
v-achippa
Community Support
Community Support

‎02-06-2025 05:44 AM

Hi @SSAGAR,

 

Thank you for reaching out to Microsoft Fabric Community.

 

  • Users may see multiple Lakehouses and Warehouses if they query the workspace-level SQL endpoint. This happens even if they were only granted access to one Lakehouse. So direct them to use only the Gold lakehouse’s dedicated SQL endpoint
  • Confirm that the AD group has NO roles (Viewer, Contributor, Admin) at the workspace level to prevent visibility into all lakehouses.
  • In the Gold lakehouse, grant only "Read" and "SELECT" on specific views. In Bronze and Silver, ensure they have NO permissions.
These steps should prevent users from seeing Bronze and Silver while allowing access to only the granted views in Gold layer.
 

If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it! 

 

Thanks and regards,

Anjan Kumar Chippa

 

View solution in original post

Message 4 of 5
1,952 Views
0
4 REPLIES 4
v-achippa
Community Support
Community Support

‎02-06-2025 05:44 AM

Hi @SSAGAR,

 

Thank you for reaching out to Microsoft Fabric Community.

 

  • Users may see multiple Lakehouses and Warehouses if they query the workspace-level SQL endpoint. This happens even if they were only granted access to one Lakehouse. So direct them to use only the Gold lakehouse’s dedicated SQL endpoint
  • Confirm that the AD group has NO roles (Viewer, Contributor, Admin) at the workspace level to prevent visibility into all lakehouses.
  • In the Gold lakehouse, grant only "Read" and "SELECT" on specific views. In Bronze and Silver, ensure they have NO permissions.
These steps should prevent users from seeing Bronze and Silver while allowing access to only the granted views in Gold layer.
 

If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it! 

 

Thanks and regards,

Anjan Kumar Chippa

 
Message 4 of 5
1,953 Views
0
v-achippa
Community Support
Community Support
In response to v-achippa

‎02-10-2025 05:21 AM

Hi @SSAGAR,

 

As we haven’t heard back from you, we wanted to kindly follow up to check if the solution I have provided for the issue worked? or let us know if you need any further assistance.
If my response addressed, please mark it as "Accept as solution" and click "Yes" if you found it helpful.

 

Thanks and regards,

Anjan Kumar Chippa

Message 5 of 5
1,912 Views
0
nilendraFabric
Super User
Super User

‎02-05-2025 10:48 AM

Hello @SSAGAR 

 

Before we deep dive in solution, I want to know how did you figured out that a single sql endpoint is shared between LH,Wh

 

As far as I know , each Lakehouse and Warehouse within a workspace has its own dedicated SQL analytics endpoint. These endpoints allow querying of data stored in Delta tables using T-SQL.
• The number of SQL analytics endpoints in a workspace corresponds to the number of Lakehouses or Warehouses created, meaning they are not shared across all items in the workspace

 

 

Message 2 of 5
1,980 Views
Manu002
Frequent Visitor
In response to nilendraFabric

‎05-12-2025 07:06 AM

Hi @nilendraFabric,

 

There are 2 different lakehouse in a same workspace of F64 capacity and both lakehouse has the same SQL enpoint. I've observed it.

Message 3 of 5
1,600 Views
0

Helpful resources

Announcements
FabCon and SQLCon Highlights Carousel

FabCon &SQLCon Highlights

Experience the highlights from FabCon & SQLCon, available live and on-demand starting April 14th.

New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

March Fabric Update Carousel

Fabric Monthly Update - March 2026

Check out the March 2026 Fabric update to learn about new features.

View All