HamidBee
Power Participant

Trouble Implementing Column-Level Security in Microsoft Fabric for Specific User

Hi All,

Just a note: bear in mind that the other user and I are currently using a trial license. I'm experiencing difficulties implementing column-level security for a table in Microsoft Fabric's data warehousing solution. I need to restrict a user's access to certain columns of a table, but despite following the documentation and applying the necessary T-SQL GRANT statements, the user still has access to all columns.

 

Here's what I've done:

  1. Verified the user exists in the database with EXTERNAL_USER status.

  2. Used the following T-SQL command to grant selective access to the Dim_Customer table within the Sales schema, explicitly excluding the EmailAddress column:

    GRANT SELECT ON Sales.Dim_Customer (CustomerID, CustomerName) TO [xxx@domain.com];

  3. I then shared the Data Warehouse with the user. However, when the user runs a select query on the Sales.Dim_Customer table, they can view all columns, including the ones they should not have access to. I've confirmed that the correct permissions were applied using the sys.fn_my_permissions function, and it shows that the SELECT permission is granted only on the intended columns.

What might be the cause of this issue where the user can still access all data? Could there be an override at a higher level that I'm not aware of, or is there a specific consideration in Microsoft Fabric that I'm missing?

I would appreciate any guidance on how to properly implement column-level security in this environment.

Thanks in advance.

1 ACCEPTED SOLUTION

It turns out it was the format of the T-SQL statement. I should have written it like this:

GRANT SELECT (CustomerID, CustomerName) ON Sales.Dim_Customer 
TO [xxx@domain.com];

The other format (although it executes correctly) gives a warning:

[Image: HamidBee_0-1706060900290.png]

This was incredibly frustrating because this was the format Microsoft suggested in their guide:

https://learn.microsoft.com/en-us/fabric/data-warehouse/tutorial-column-level-security


2 REPLIES
AndyDDC
Super User

Hi @HamidBee, when you shared the Warehouse, what level of sharing did you give the user?

"Default permissions (no additional options selected)" should allow you to share the warehouse with Connect only permissions, then use GRANT to assign the relevant permissions.

https://blog.fabric.microsoft.com/en-us/blog/data-warehouse-sharing/
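
An added example, not part of the thread or of Microsoft's guide: one way to check for the "override at a higher level" the original post asks about, by listing every explicit SELECT grant or deny held by the user and the scope it applies to. It assumes the SQL Server catalog views sys.database_permissions, sys.database_principals, sys.objects, sys.schemas and sys.columns are available in the Warehouse; the table, column and principal names are the ones used in the thread.

```sql
-- 1) Run as an administrator: explicit SELECT permissions for the user.
--    A row with scope 'whole object', 'schema' or 'database' means a broader
--    grant sits above the column-level one and exposes every column.
SELECT pr.name              AS principal_name,
       pe.state_desc,                          -- GRANT or DENY
       pe.permission_name,
       CASE
           WHEN pe.class = 1 AND pe.minor_id > 0 THEN 'column'
           WHEN pe.class = 1                     THEN 'whole object'
           WHEN pe.class = 3                     THEN 'schema'
           WHEN pe.class = 0                     THEN 'database'
           ELSE pe.class_desc
       END                  AS scope,
       s.name               AS schema_name,
       o.name               AS object_name,
       c.name               AS column_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
       ON pr.principal_id = pe.grantee_principal_id
LEFT JOIN sys.objects AS o
       ON pe.class = 1 AND o.object_id = pe.major_id
LEFT JOIN sys.schemas AS s
       ON s.schema_id = COALESCE(o.schema_id,
                                 CASE WHEN pe.class = 3 THEN pe.major_id END)
LEFT JOIN sys.columns AS c
       ON pe.class = 1
      AND c.object_id = pe.major_id
      AND c.column_id = pe.minor_id
WHERE pr.name = 'xxx@domain.com'
  AND pe.permission_name = 'SELECT'
ORDER BY pe.class, o.name, c.column_id;

-- 2) Run as the restricted user: effective SELECT permissions on the table.
--    With only column-level access, every row names a column in
--    subentity_name and EmailAddress is absent.
SELECT entity_name, subentity_name, permission_name
FROM sys.fn_my_permissions('Sales.Dim_Customer', 'OBJECT')
WHERE permission_name = 'SELECT';

-- 3) Run as the restricted user: negative test. This must be rejected with a
--    permission error; if it returns rows, the restriction is not in effect.
SELECT CustomerID, CustomerName, EmailAddress
FROM Sales.Dim_Customer;
```

Query 1 lists only explicit SQL grants, so the sharing level AndyDDC asks about still has to be checked separately in the sharing dialog.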
