Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Shape the future of the Fabric Community! Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions. Take survey.

Reply
PowerNewUser
Resolver I
Resolver I

OneLake Data Access + Live Connection = No Access in reports.

I recently enabled Data access roles in my lakehouse but cant get downstream users to access reports (they get errors on the visuals related to access). Would appreciate if anybody could help with what I'm missing!


- I have given access to the entra security groups directly on the lakehouse as READ. 

- I have tried adding the groups to an "alltables" role with direct assignment as well as lakehouse permission rule based assignment. 

- Default role was removed. 

- my other lakehouse without data access roles seems to be working just fine.. so am guessing its something to do with my setup. 

 

Reports are setup with a semantic model leveraging a live connection to the lakehouse. 

I can see the reports just fine as admin (have workspace level access). End users get the following on each visual - 

The SELECT permission or external policy action 'Microsoft.Sql/Sqlservers/Databases/Schemas/Tables/Rows/Select' was denied on the object....

 

Do I need to add all tables to the default semantic model? Do I need to grant/deny access in the SQL Endpoint as well? (Copilot had that suggestion)

1 ACCEPTED SOLUTION
PowerNewUser
Resolver I
Resolver I

Figured out the problem - seems copilot was on the right track. Due to enabling the preview the READDATA is no longer coming up as a permission. I had to manually go in and give access to the schema 

GRANT SELECT ON SCHEMA::dbo TO [<entra group>];  
GO
if you need to give table level access - you can do 
GRANT SELECT ON OBJECT::dbo.<table name> TO [<entra group name>];  

View solution in original post

3 REPLIES 3
PowerNewUser
Resolver I
Resolver I

Figured out the problem - seems copilot was on the right track. Due to enabling the preview the READDATA is no longer coming up as a permission. I had to manually go in and give access to the schema 

GRANT SELECT ON SCHEMA::dbo TO [<entra group>];  
GO
if you need to give table level access - you can do 
GRANT SELECT ON OBJECT::dbo.<table name> TO [<entra group name>];  
v-xiaocliu-msft
Community Support
Community Support

Hi @PowerNewUser ,

 

Could you check whether the user has access rights to all of the following items?

1\ Semantic Model

2\ LakeHouse

3\ SQL analytics endpoint

4\ Report

 

You can check the user's permissions by clicking "Manage Permissions" on each item.

vxiaocliumsft_0-1725607959628.png

vxiaocliumsft_1-1725608003022.png

 

 

 

vxiaocliumsft_0-1725602283250.png

 

vxiaocliumsft_1-1725602283256.png

 

 

Best Regards,

Wearsky

Thank you.. With the new preview ReadData is not showing up even when you select the option. 

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.