Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
DZL2
Regular Visitor

Unexpected Behavior in Linked Dataflows — Bypassing Workspace Access Restrictions

Thursday

Hi Microsoft Fabric Team,

 

I’ve encountered an unexpected behavior in Power BI/Fabric related to linked dataflows across workspaces, and I wanted to raise it for awareness and clarification.

Scenario:

  • I have a dataflow in Workspace A that I want to reference in Workspace B.
  • Workspace B is accessible to a colleague who should not have access to Workspace A.
  • Normally, linking a dataflow entity from Workspace A into Workspace B requires the user to have access to Workspace A — which aligns with the documented behavior.

What I Discovered:

If I disable load on the linked entity (so it appears italicized), and then reference it in a new query within the same dataflow, the usual access restrictions disappear:

  • The new query can be loaded and used without requiring access to Workspace A.
  • No additional transformations are needed — even a simple reference like = EntityName works.
  • This effectively bypasses the linked entity access control, allowing users to use data they technically shouldn’t be able to access.

Why This Is Concerning:

  • It undermines the security model around linked dataflows.
  • It’s not documented, and feels like an unintended loophole.
  • It could lead to inconsistent governance in enterprise environments where workspace boundaries are critical.

Why It’s Useful:

Ironically, this behavior allowed me to achieve exactly what I needed — sharing a specific dataflow across workspaces without exposing the entire source workspace. But it feels like a workaround that shouldn’t work, and I’m concerned it might break in future updates or introduce risks.

Could you clarify whether this is:

  • An intended feature?
  • An unintended loophole?
  • Something that will be addressed or changed in future releases?

Kind Regards,

David

 

(and I totally used Copilot to write this message)

Labels:
Message 1 of 2
115 Views
1 REPLY 1
Sahir_Maharaj
Super User
Super User

Thursday

Hello @DZL2,

 

Thanks for your question.

 

So, in short - what you found is a bug / loophole, not an official feature.

 

It undermines workspace access controls and will almost certainly be corrected.

 

For production use, stick to the documented sharing/security methods 🙂


Did I answer your question? Mark my post as a solution, this will help others!

If my response(s) assisted you in any way, don't forget to drop me a "Kudos" 🙂

Kind Regards,
Sahir Maharaj
Data Scientist | Data Engineer | Data Analyst | AI Engineer
P.S. Want me to build your Power BI solution? (Yes, its FREE!)
➤ Lets connect on LinkedIn: Join my network of 15K+ professionals
➤ Join my free newsletter: Data Driven: From 0 to 100
➤ Website: https://sahirmaharaj.com
➤ Email: sahir@sahirmaharaj.com
➤ Want me to build your Power BI solution? Lets chat about how I can assist!
➤ Join my Medium community of 30K readers! Sharing my knowledge about data science and artificial intelligence
➤ Explore my latest project (350K+ views): Wordlit.net
➤ 100+ FREE Power BI Themes: Download Now
LinkedIn Top Voice in Artificial Intelligence, Data Science and Machine Learning
Message 2 of 2
88 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All