Navsharma
New Contributor II

SQL analytical endpoint CLS

Hi Team,

I am trying to implement column-level security on lakehouse tables using the SQL endpoint. I am using the command mentioned in Microsoft Learn:

GRANT SELECT ON YourSchema.YourTable 
(Column1, Column2, Column3, Column4, Column5) 
TO [User01];

User01 has 'member' permission at the workspace level. To test the functionality, we are trying to access the columns that the user doesn't have access to, through notebooks and the SQL endpoint, but User01 is still able to access all the columns. Any idea what is wrong with this approach?

Thanks!

1 ACCEPTED SOLUTION
Anonymous
Not applicable

Hi @Navsharma ,

When the permission of workspace is Admin, Member, or Contributor, it will override the permission of column level security. This provides them access to all Items within the workspace.

If they primarily require read only access, assign them to the Viewer role and grant read access on specific objects through T-SQL. For more information, see Manage SQL granular permissions.

Other users, who only need access to an individual warehouse or require access to only specific SQL objects, should be given Fabric Item permissions and granted access through SQL to the specific objects.
You can manage permissions on Microsoft Entra ID (formerly Azure Active Directory) groups, as well, rather than adding each specific member.

Best Regards,

Ada Wang

If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.
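
The approach from the accepted answer as a T-SQL sketch, added here as an example and not part of the original thread. It assumes User01 has already been moved to the Viewer workspace role (done in the workspace access settings, not in T-SQL), reuses the placeholder names from the question, and assumes the standard SQL Server catalog views are available on the SQL analytics endpoint.

```sql
-- Added example. YourSchema, YourTable, Column1..Column5 and User01 are the
-- placeholders from the question; Column6 is a hypothetical column that is
-- deliberately NOT granted.

-- 1. Run as a workspace admin on the SQL analytics endpoint:
--    allow SELECT on the permitted columns only.
GRANT SELECT ON YourSchema.YourTable
    (Column1, Column2, Column3, Column4, Column5)
TO [User01];

-- 2. Audit what is recorded for the table. A row with minor_id = 0 is a
--    table-level grant, which exposes every column and makes the column
--    list above irrelevant for that principal.
SELECT
    pr.name            AS principal_name,
    pe.state_desc      AS grant_state,
    pe.permission_name,
    s.name             AS schema_name,
    o.name             AS table_name,
    COALESCE(c.name, '(whole table)') AS column_scope
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN sys.objects              AS o  ON o.object_id     = pe.major_id
JOIN sys.schemas              AS s  ON s.schema_id     = o.schema_id
LEFT JOIN sys.columns         AS c  ON c.object_id     = pe.major_id
                                   AND c.column_id     = pe.minor_id
WHERE pe.class = 1                 -- object- and column-level permissions
  AND s.name = 'YourSchema'
  AND o.name = 'YourTable'
ORDER BY pr.name, pe.minor_id;

-- 3. Verify while connected to the SQL analytics endpoint as User01 (Viewer).
--    Run each statement separately.
SELECT Column1, Column2 FROM YourSchema.YourTable;  -- expected: succeeds
SELECT Column6 FROM YourSchema.YourTable;           -- expected: permission denied
SELECT * FROM YourSchema.YourTable;                 -- expected: permission denied,
                                                    -- because * includes Column6
```

If step 3 still returns every column, recheck the user's workspace role first: per the answer above, Admin, Member and Contributor override the column grant.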

Navsharma
New Contributor II

@Anonymous : That makes sense. Also, another thing: when we are setting up CLS on lakehouse delta tables, will it work if I use a Direct Lake connection for PBI reports, or does the user have to use import mode?

Anonymous
Not applicable

Hi @Navsharma ,

Column-level security only applies to queries on a Warehouse or SQL analytics endpoint in Fabric. Power BI queries on a warehouse in Direct Lake mode will fall back to Direct Query mode to abide by column-level security.

 

Best Regards,

Ada Wang