Hi Microsoft Fabric Team,

I’ve encountered an unexpected behavior in Power BI/Fabric related to linked dataflows across workspaces, and I wanted to raise it for awareness and clarification.

Scenario:

• I have a dataflow in Workspace A that I want to reference in Workspace B.
• Workspace B is accessible to a colleague who should not have access to Workspace A.
• Normally, linking a dataflow entity from Workspace A into Workspace B requires the user to have access to Workspace A — which aligns with the documented behavior.

What I Discovered:

If I disable load on the linked entity (so it appears italicized), and then reference it in a new query within the same dataflow, the usual access restrictions disappear:

• The new query can be loaded and used without requiring access to Workspace A.
• No additional transformations are needed — even a simple reference like = EntityName works.
• This effectively bypasses the linked entity access control, allowing users to use data they technically shouldn’t be able to access.

Why This Is Concerning:

• It undermines the security model around linked dataflows.
• It’s not documented, and feels like an unintended loophole.
• It could lead to inconsistent governance in enterprise environments where workspace boundaries are critical.

Why It’s Useful:

Ironically, this behavior allowed me to achieve exactly what I needed — sharing a specific dataflow across workspaces without exposing the entire source workspace. But it feels like a workaround that shouldn’t work, and I’m concerned it might break in future updates or introduce risks.

Could you clarify whether this is:

• An intended feature?
• An unintended loophole?
• Something that will be addressed or changed in future releases?

Kind Regards,

David

(and I totally used Copilot to write this message)