Hi,
I am trying to hide a schema from Workspace Contributors. Is it possible?
Here is what I have done with the OneLake Security settings:
- created a custom role + assigned only a user group with Workspace admin rights + selected only the restricted schema that I want workspace admin to be able to read/read write.
- deleted a DefaultReader role.
I have also turned the User's identity on in SQL analytics endpoint. Although, my aim is to completely restrict the Workspace Contributors user group from seeing a particular schema.
Users in the workspace contributors role can still see and preview the tables under that schema in Lakehouse view.
What did I miss?
Thanks in advance.
First, you have to remove users from the contributor role in the workspace.
Then, on your lakehouse, share your lakehouse with an AD group (the button is in the top right corner).
Once that is done, you can click on Manage OneLake Security, give it a role name, and select the specific tables and schemas that they can have access to:
Finally, add members to this role (the AD group that you shared with).
So, by sharing the lakehouse and creating this role, you can limit access to your lakehouse schemas or tables.
Hope it can help you!
Best regards,
Antoine
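A check for the first step above, as an added example that is not part of the original answer and does not call any Fabric API: it expands nested group membership to find users who still hold a workspace role that reads every schema. Treating Admin and Member like Contributor is an assumption of this sketch, and all principals, groups and role data are constructed.

```python
# Workspace roles treated as reading every schema regardless of OneLake roles.
# Contributor is from the thread; Admin and Member are an assumption here.
BYPASS_ROLES = {"Admin", "Member", "Contributor"}

def users_of(principal, group_members, _seen=None):
    """Expand a user or (possibly nested) group into the set of users."""
    seen = set() if _seen is None else _seen
    if principal in seen:                  # guard against cyclic nesting
        return set()
    seen.add(principal)
    if principal not in group_members:     # not a group: treat as a user
        return {principal}
    users = set()
    for member in group_members[principal]:
        users |= users_of(member, group_members, seen)
    return users

def schema_readers(schema, workspace_roles, onelake_roles, group_members):
    """Map each user who can read `schema` to the reason they can."""
    readers = {}
    for role_name, role in onelake_roles.items():
        if schema in role["schemas"]:
            for principal in role["members"]:
                for user in users_of(principal, group_members):
                    readers[user] = f"OneLake role {role_name}"
    # Workspace roles are applied last: they win over any OneLake role.
    for principal, ws_role in workspace_roles.items():
        if ws_role in BYPASS_ROLES:
            for user in users_of(principal, group_members):
                readers[user] = f"workspace {ws_role} via {principal}"
    return readers

def unexpected_readers(schema, allowed, workspace_roles, onelake_roles, group_members):
    """Users who can read `schema` but are not in the `allowed` set."""
    readers = schema_readers(schema, workspace_roles, onelake_roles, group_members)
    return {user: why for user, why in readers.items() if user not in allowed}

# Constructed sample data (hypothetical principals and role names).
GROUP_MEMBERS = {
    "grp-finance": ["alice", "bob"],
    "grp-engineers": ["carol", "grp-contractors"],
    "grp-contractors": ["dave"],
}
WORKSPACE_ROLES = {"alice": "Admin", "grp-engineers": "Contributor", "erin": "Viewer"}
ONELAKE_ROLES = {"FinanceReaders": {"members": ["grp-finance"], "schemas": ["finance"]}}

if __name__ == "__main__":
    for user, why in unexpected_readers("finance", {"alice", "bob"}, WORKSPACE_ROLES, ONELAKE_ROLES, GROUP_MEMBERS).items():
        print(f"{user}: {why}")
```

The case it catches is a user removed from Contributor individually who still inherits it through a nested group.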
Hi @wanthanaj ,
We haven’t received an update from you in some time. Could you please let us know if the issue has been resolved?
If you still require support, please let us know, we are happy to assist you.
Thank you.
Hi @wanthanaj ,
Thank you for reaching out to the Microsoft Fabric Community Forum. Thank you @suparnababu8 for your response.
Could you please let us know if the issue has been resolved? I wanted to check if you had the opportunity to review the information provided by @AntoineW and @tayloramy . If you still require support, please let us know, we are happy to assist you.
Thank you.
Hi @wanthanaj,
Let's take a moment to understand Fabric workspace permissions.
Roles in workspaces in Microsoft Fabric - Microsoft Fabric | Microsoft Learn
Share Your Warehouse and Manage Permissions - Microsoft Fabric | Microsoft Learn
Contributor inherently grants Read, ReadData, ReadAll, Write, and Monitor, so it will always grant access to all schemas.
If you need to restrict the schemas, I recommend moving the warehouse/lakehouse to a different workspace where you can remove contributor access.
Hi @wanthanaj
I think it's not possible, because you can't fully hide schemas from the workspace Contributors role in OneLake. Even if you configure custom roles and remove the DefaultReader role, Contributors retain visibility of schemas and tables in the Lakehouse view because their control plane permissions inherently allow them to view metadata.
Therefore, at present, OneLake security does not support hiding schemas from workspace Contributors. You can deny access to the data itself, but they will still see the schema and table names in the Lakehouse view.
If you don't want to see the metadata, then you can assign them the Viewer role.
Thank you!!
Thank you.
OneLake security is the data plane security model for data in OneLake according to https://learn.microsoft.com/en-us/fabric/onelake/security/get-started-security#onelake-security-prev....
Could you guide me how to deny access to the data itself? Currently, they can still click to view in table view on the right-hand side in lakehouse view. It is ok for this group of contributors to see schema and table name.