I'm trying to provide granular permissions for my system-assigned managed identity so that it doesn't have permission to do too many things.
At the Lakehouse level, I was able to give it "Read", "ReadAll" permissions, but there wasn't an option to provide Write.
Within the Lakehouse, using "Manage OneLake Data Access (preview)", I created a role and assigned it to specific folders, but it also only shows Read, ReadAll.
How can I get this managed identity to have Write only on a selected set of folders? Workspace contributor seems too broad as it might provide Write to the entire Lakehouse which is undesirable.
That looks to be operation-specific but I didn't see anything that suggested it could scope the permission to a subset of resources.
I was using https://learn.microsoft.com/en-us/fabric/onelake/security/get-started-data-access-roles#assign-a-mem... as a reference as it appeared to allow for folder-level scoping of permissions.
Hi @kchung_msft ,
Perhaps you can leverage Azure role-based access control to create custom roles? The following articles may be helpful to you.