Fabric granular permission to use items

IanOliveira · ‎06-25-2024

My team is running a Fabric POC and we are interested to now about the ability to allow users to create or use Fabric items.

For example in Azzure we can allow user to use certain products independently. A data analyst have access to ML studio but not access to Synapse.

In Fabric we want to allow some users to use notebooks but not to create pipelines and dataflows. We also want to allow some users to access all items and have the ability to create and edit products.

Cheers,

Ian

frithjof_v · ‎06-26-2024

I don't think that is possible.

I think you can restrict which users can create Fabric items by using security groups.

But I don't think you can restrict permission to create only some Fabric items but not all Fabric items. I think if a user has permission to create Fabric items, they can create all kinds of Fabric items.

https://learn.microsoft.com/en-us/fabric/admin/fabric-switch

IanOliveira · ‎07-01-2024

Yes is highly problematic, thats is why I think we wont be moving to Fabric. We want some users to access notebooks.But we dont want them creating and using Synapse and or data factory

Anonymous · ‎07-02-2024

Hi @IanOliveira ,

Appreciate if you could share the feedback on our feedback channel. Which would be open for the user community to upvote & comment on. This allows our product teams to effectively prioritize your request against our existing feature backlog and gives insight into the potential impact of implementing the suggested feature.

Hope this helps. Please let me know if you have any further queries.

Anonymous · ‎06-27-2024

Hi @IanOliveira ,

We haven’t heard from you on the last response and was just checking back to see if your query was answered.
Otherwise, will respond back with the more details and we will try to help .

Thanks

IanOliveira · ‎07-17-2024

We are looking into Fabric, but the security controls we have on other products to have the same level with Fabric the costs are way too high. Also the granular permission to use items are not inline with what we need.

Anonymous · ‎07-01-2024

Hi @IanOliveira ,

We haven’t heard from you on the last response and was just checking back to see if your query was answered.
Otherwise, will respond back with the more details and we will try to help .

Thanks

frithjof_v · ‎06-26-2024

Not related to OP's question, just a comment on this quote:

"I think you can restrict which users can create Fabric items by using security groups."

Note that Capacity admins can override the Tenant settings.

So anyone who can create a new Fabric capacity in Azure, or is already a capacity admin of an existing capacity, can for example choose to let all users in the organization create Fabric items using that capacity.

https://learn.microsoft.com/en-us/fabric/admin/fabric-switch#enable-for-a-capacity

I haven't tried this, but by reading the docs this seems to be the case.

IanOliveira · ‎07-01-2024

Currently we give access to some users in ML studio. However only data engineers access Synapse and Data factory and can build organisational assets.

Data analysts and Machine learning engineers than consume those datasets. If they need to write back than a data enginner works alongside to build the pipelines.

Fabric granular permission to use items

Fabric granular permission to use items

Helpful resources

Fabric Monthly Update - March 2025

Fabric Community Update - March 2025

Fabric API environment item publish state issue

Fabric Notebooks RunAs User and Permissions

Error message - This workspace does not support Fa...

Enable Fabric after bought Fabric Capacity F2

Fabric items (lakehouse Datawarehouse) not visibl...