Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

swathisudheer

OLS implementation in warehouse propagating semantic model

Submitted by on ‎05-08-2024 05:21 AM

Hi,

I have been trying to understand how Object Level Security works in warehouse. Does the security mechanism that controls access to specific database objects, such as tables, views, or procedures implemented in Fabric warehouse, propagate to the sematic model built on top the same Warehouse for a certain user?

 

Let's say I want to restrict user A's access or to be able to view table "Room" in the semantic model. I deny his SQL granular permissions in Fabric warehouse. Is this supposed to restirct his access to the same table in Semantic model? If so, what are the commands?

 

 

 

 

Status: Investigating

Hi  @swathisudheer 

Object-level security is a security mechanism that controls access to specific database objects, such as tables, views, or procedures, based on user privileges or roles. It ensures that users or roles can only interact with and manipulate the objects they have been granted permissions for, protecting the integrity and confidentiality of the database schema and its associated resources.   

So theoretically, if you restrict access to a table, that user does not have access to the restricted table.

 

Best Regards,
Community Support Team _ Ailsa Tao

See more ideas labeled with:
2 Comments (2 New)
Comments
v-yetao1-msft
Community Support
Community Support
‎05-09-2024 12:08 AM
Status changed to: Investigating

Hi  @swathisudheer 

Object-level security is a security mechanism that controls access to specific database objects, such as tables, views, or procedures, based on user privileges or roles. It ensures that users or roles can only interact with and manipulate the objects they have been granted permissions for, protecting the integrity and confidentiality of the database schema and its associated resources.   

So theoretically, if you restrict access to a table, that user does not have access to the restricted table.

 

Best Regards,
Community Support Team _ Ailsa Tao

swathisudheer
Frequent Visitor
Monday

Hi @v-yetao1-msft 

 

So what I am testing here is if restrcting access to a table in Fabric warehouse will also restrict the same user's access to the same table in Power BI report built on top of the Sematic Model connected to the Fabric Warehouse.

 

For example,  I have denied SELECT access to User A to table Room by running the following query in Fabric warehouse:

 

DENY SELECT ON dbo.Room TO [USERA]

 

Will this restrict the access of the User A in Power BI report? Meaning, will the user be able to view the data from Table Room in Power BI report? I tried this and the user was still able to access Room data in Power BI.

 

So my question is, if the restriction is supposed to propagate to Power BI, what is the right way to do it?

Idea Statuses