Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
SSAGAR
New Member

How to share a single lakehouse within a workspace

‎02-05-2025 10:27 AM

Use Case and Setup Description

 

We have a workspace with three Lakehouse items: Bronze, Silver and Gold.

 

We want to expose certain views on the gold layer as a data product.

 

The access should be granted only  to users that belong to a given AD Group. 

 

The group is granted Read access to the Lakehouse Item. No ReadData or ReadAll permissions are given.

 

The group does not have any roles assigned at workspace level.

The group is in addition granted select on certain views in the Gold Lakehouse.

 

The expected behavior would be that the users in that group can list the tables and views in the Gold Lakehouse via the SQL Endpoint and read the data from the views they have been granted access to. We would expect that the users can't see the tables and views, nor read the data in the Bronze and Silver Lakehouses.

 

Findings

 

  1. There is a single SQL endpoint for the whole workspace, not one per Lakehouse. We initially were under the impression that each Lakehouse had a separate SQL endpoint. If a Warehouse item is added to the same workspace, it will also share the same SQL endpoint.
  2. Once granted read to one of the Lakehouses, users can see and read data in every other Lakehouse/Warehouse via the SQL endpoint, even if there is no access specifically granted to them to those items.

Can you please help us out here?

Labels:
Message 1 of 5
728 Views
0
1 ACCEPTED SOLUTION
v-achippa
Community Support
Community Support

‎02-06-2025 05:44 AM

Hi @SSAGAR,

 

Thank you for reaching out to Microsoft Fabric Community.

 

  • Users may see multiple Lakehouses and Warehouses if they query the workspace-level SQL endpoint. This happens even if they were only granted access to one Lakehouse. So direct them to use only the Gold lakehouse’s dedicated SQL endpoint
  • Confirm that the AD group has NO roles (Viewer, Contributor, Admin) at the workspace level to prevent visibility into all lakehouses.
  • In the Gold lakehouse, grant only "Read" and "SELECT" on specific views. In Bronze and Silver, ensure they have NO permissions.
These steps should prevent users from seeing Bronze and Silver while allowing access to only the granted views in Gold layer.
 

If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it! 

 

Thanks and regards,

Anjan Kumar Chippa

 

View solution in original post

Message 4 of 5
678 Views
0
4 REPLIES 4
v-achippa
Community Support
Community Support

‎02-06-2025 05:44 AM

Hi @SSAGAR,

 

Thank you for reaching out to Microsoft Fabric Community.

 

  • Users may see multiple Lakehouses and Warehouses if they query the workspace-level SQL endpoint. This happens even if they were only granted access to one Lakehouse. So direct them to use only the Gold lakehouse’s dedicated SQL endpoint
  • Confirm that the AD group has NO roles (Viewer, Contributor, Admin) at the workspace level to prevent visibility into all lakehouses.
  • In the Gold lakehouse, grant only "Read" and "SELECT" on specific views. In Bronze and Silver, ensure they have NO permissions.
These steps should prevent users from seeing Bronze and Silver while allowing access to only the granted views in Gold layer.
 

If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it! 

 

Thanks and regards,

Anjan Kumar Chippa

 
Message 4 of 5
679 Views
0
v-achippa
Community Support
Community Support
In response to v-achippa

‎02-10-2025 05:21 AM

Hi @SSAGAR,

 

As we haven’t heard back from you, we wanted to kindly follow up to check if the solution I have provided for the issue worked? or let us know if you need any further assistance.
If my response addressed, please mark it as "Accept as solution" and click "Yes" if you found it helpful.

 

Thanks and regards,

Anjan Kumar Chippa

Message 5 of 5
638 Views
0
nilendraFabric
Super User
Super User

‎02-05-2025 10:48 AM

Hello @SSAGAR 

 

Before we deep dive in solution, I want to know how did you figured out that a single sql endpoint is shared between LH,Wh

 

As far as I know , each Lakehouse and Warehouse within a workspace has its own dedicated SQL analytics endpoint. These endpoints allow querying of data stored in Delta tables using T-SQL.
• The number of SQL analytics endpoints in a workspace corresponds to the number of Lakehouses or Warehouses created, meaning they are not shared across all items in the workspace

 

 

Message 2 of 5
706 Views
Manu002
Frequent Visitor
In response to nilendraFabric

‎05-12-2025 07:06 AM

Hi @nilendraFabric,

 

There are 2 different lakehouse in a same workspace of F64 capacity and both lakehouse has the same SQL enpoint. I've observed it.

Message 3 of 5
326 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June FBC25 Carousel

Fabric Monthly Update - June 2025

Check out the June 2025 Fabric update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All