JayJay11
Resolver II

How to implement read access to a report that is based on a semantic model with DirectLake Lakehouse

Hello all,

 

I am a bit confused about how to set up a simple use-case in a Fabric workspace:

 

I have a Lakehouse based on which I have a semantic model that uses the DirectLake connection. Based on that semantic model I have a report. Now I want a user to simply have read access to this report, that's it. The user shall not have access to the semantic model or Lakehouse, nor to the workspace.

 

[Image: Lineage.png]

 

When I give the user read access to both the semantic model and the report, the user gets the following two error messages:

 

[Images: error1.png, error2.png]

 

What am I doing wrong here? Please note, I do not want to give the user access to the Lakehouse itself, as later I will also have a Row Level Security implemented on that semantic model.

 

 

1 ACCEPTED SOLUTION

Thank you! I actually could solve my use-case: I learned that a user has to have the ReadAll role on the Lakehouse, Read on the semantic model and Read on the report. Further, RLS can be activated on the semantic model and it works fine (though I am not sure if there is a fallback to DirectQuery, maybe someone has the details here). And because the user has no View-rights on the workspace, the user also cannot access the Lakehouse directly, which is what I wanted.


2 REPLIES
v-yifanw-msft
Community Support

Hi @JayJay11 ,

In your description, you want the user to have read access to reports derived from the semantic model, but not direct access to the semantic model or Lakehouse. You may run into problems because of the way permissions are managed in the workspace.


Make sure that you have assigned the Viewer role to the user in the workspace. This role allows users to query data from SQL or Power BI reports, but not to create items or write to data. This step ensures that users can access reports in the workspace without having broader access rights. For more details on workspace roles, read the following link:
Roles in workspaces in Power BI - Power BI | Microsoft Learn
Get started securing your data in OneLake - Microsoft Fabric | Microsoft Learn

 

When a user interacts with a report, RLS only works for the Viewer in the workspace. For more information on implementing RLS:
Row-level security (RLS) with Power BI - Power BI | Microsoft Learn

 

Best Regards,

Ada Wang

If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.

