Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft is giving away 50,000 FREE Microsoft Certification exam vouchers. Get Fabric certified for FREE! Learn more

Reply
dimitragav10_
Frequent Visitor

Fabric Lakehouse Permissions

‎02-07-2025 02:29 AM

Hello everyone,

 

I have a question regarding permissions in Microsoft Fabric.

I typically work with Power BI and SSRS reports, and I want to give viewers access to view these reports without granting them permission to query the underlying endpoints.

 

For example, I have a Lakehouse named "Lakehouse1" in the workspace WS_Lakehouse. I created a Paginated Report based on this Lakehouse and published it in the WS_Reports workspace. In WS_Lakehouse, I am the only one with access, while in WS_Reports, there’s a group with the "Viewer" role.

 

My question is: What permissions should I assign to the Lakehouse so that viewers in WS_Reports can see the report but not access the SQL endpoint of the Lakehouse? Or, is there another way (e.g., through a service principal) to ensure that users can only view the report and cannot perform further actions?

 

Thank you,
Dimitra

 

Labels:
Message 1 of 7
398 Views
0
1 ACCEPTED SOLUTION
v-priyankata
Community Support
Community Support
In response to dimitragav10_

‎02-19-2025 08:43 PM

HI @dimitragav10_ 
if the report connects directly to the Lakehouse, users will require Read access to the Lakehouse, which also grants access to the SQL endpoint.
If a Power BI dataset is used, implement RLS to restrict data visibility per user.

Thank you.

View solution in original post

Message 4 of 7
301 Views
0
6 REPLIES 6
v-priyankata
Community Support
Community Support

‎03-06-2025 05:38 AM

Hi @dimitragav10_ 
I hope this information is helpful. Please let me know if you have any further questions or if you'd like to discuss this further. If this answers your question, please Accept it as a solution and give it a 'Kudos' so others can find it easily.
Thank you

Message 7 of 7
207 Views
0
v-priyankata
Community Support
Community Support

‎03-03-2025 09:05 AM

Hi @dimitragav10_ 
I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions. If my response has addressed your query, please accept it as a solution and give a 'Kudos' so other members can easily find it.
Thank you.

Message 6 of 7
237 Views
0
v-priyankata
Community Support
Community Support

‎02-27-2025 09:54 AM

Hi @dimitragav10_ 

May I ask if you have resolved this issue? If so, please mark the helpful reply and accept it as the solution. This will be helpful for other community members who have similar problems to solve it faster.

Thank you.

Message 5 of 7
260 Views
0
rohit1991
Super User
Super User

‎02-07-2025 04:42 AM

Hi @dimitragav10_ ,

Users in WS_Reports with the Viewer role can only view reports but won’t have access to the underlying Lakehouse1 unless explicitly granted. Ensure they are not added to WS_Lakehouse.

Do not grant direct permissions on Lakehouse1 to report viewers.If using a Power BI dataset, store credentials in the dataset to avoid direct access from users.

By default, only those with explicit permissions can query the SQL endpoint. Ensure that no one in WS_Reports has any direct role in WS_Lakehouse to prevent unauthorized querying. If needed, deny SQL endpoint access explicitly via workspace security settings.

Use a Service Principal for Secure Data Access. Instead of granting direct user access, use a Service Principal or Managed Identity to fetch data for reports. Configure Paginated Reports to use a predefined identity with controlled access. Row-Level Security (RLS): If applicable, use RLS to control data visibility based on user roles. Data Gateway (if needed): If your data source is on-premises, ensure the gateway is configured correctly with stored credentials.

 

 

 

"The goal is to turn data into information, and information into insight." – Carly Fiorina

🔗 Need Power BI help? Connect on LinkedIn: Rohit Kumar’s LinkedIn

Message 2 of 7
371 Views
0
dimitragav10_
Frequent Visitor
In response to rohit1991

‎02-07-2025 06:04 AM

Thank you for your response @rohit1991 .

I attempted to upload a report without granting permissions on the Lakehouse, but viewers were unable to access the report unless I provided "Read" access to the Lakehouse. Once I grant access, the report works as expected, but viewers can also access the SQL Endpoint.

This issue is particularly evident when creating a Power BI report with Lakehouse connection, as users can open the semantic model and retrieve the SQL endpoint. 

Am I possibly overlooking something here?

Message 3 of 7
366 Views
0
v-priyankata
Community Support
Community Support
In response to dimitragav10_

‎02-19-2025 08:43 PM

HI @dimitragav10_ 
if the report connects directly to the Lakehouse, users will require Read access to the Lakehouse, which also grants access to the SQL endpoint.
If a Power BI dataset is used, implement RLS to restrict data visibility per user.

Thank you.

Message 4 of 7
302 Views
0

Helpful resources

Announcements
March PBI video - carousel

Power BI Monthly Update - March 2025

Check out the March 2025 Power BI update to learn about new features.

March2025 Carousel

Fabric Community Update - March 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All