Events
Mar 31, 11 PM - Apr 2, 11 PM
The biggest Fabric, Power BI, and SQL learning event. March 31 – April 2. Use code FABINSIDER to save $400.
Register todayThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Applies to: ✅ SQL database in Microsoft Fabric
This article explains access control for SQL database items in Fabric.
You can configure access for your SQL database at two levels:
The access controls at these two different levels work together.
Note
Microsoft Purview protection policies can augment effective permission for database users. If your organization uses Microsoft Purview with Microsoft Fabric, see Protect sensitive data in SQL database with Microsoft Purview protection policies.
In Fabric, you can control access using Fabric workspace roles and item permissions.
Fabric workspace roles let you manage who can do what in a Microsoft Fabric workspace.
The following table captures SQL database-specific capabilities, members of particular workspace roles are allowed to access.
Capability | Admin role | Member role | Contributor role | Viewer role |
---|---|---|---|---|
Full administrative access and full data access | Yes | Yes | Yes | No |
Read data and metadata | Yes | Yes | Yes | Yes |
Connect to the database | Yes | Yes | Yes | Yes |
Fabric Item permissions control access to individual Fabric items within a workspace. Different Fabric items have different permissions. The following table lists item permissions that are applicable to SQL database items.
Permission | Capability |
---|---|
Read | Connect to the database |
ReadData | Read data and metadata |
ReadAll | Read mirrored data directly from OneLake files |
Share | Share item and manage Fabric item permissions |
Write | Full administrative access and full data access |
The easiest way to grant item permissions is by adding a user, an application, or a group to a workspace role. Membership in each role implies the role members have a subset of permissions to all databases in the workspace, as specified in the following table.
Role | Read | ReadAll | ReadData | Write | Share |
---|---|---|---|---|---|
Admin | Yes | Yes | Yes | Yes | Yes |
Member | Yes | Yes | Yes | Yes | Yes |
Contributor | Yes | Yes | Yes | Yes | No |
Viewer | Yes | Yes | Yes | No | No |
You can also grant Read, ReadAll, and ReadData permissions for an individual database by sharing the database item via the Share quick action in Fabric portal. You can view and manage permissions granted for a database item via the Manage permissions quick action in Fabric portal. For more information, see Share your SQL database and manage permissions.
The following SQL concepts allow much more granular access control in comparison to Fabric workspace roles and item permissions.
ADD MEMBER
and DROP MEMBER
options of the ALTER ROLE statement. To manage definitions of user-defined roles, use CREATE ROLE, ALTER ROLE, and DROP ROLE.For more information, see Configure granular access control for a SQL database.
Events
Mar 31, 11 PM - Apr 2, 11 PM
The biggest Fabric, Power BI, and SQL learning event. March 31 – April 2. Use code FABINSIDER to save $400.
Register todayTraining
Module
Secure data access in Microsoft Fabric - Training
Learn the key concepts and strategies for securing data access in Microsoft Fabric.
Certification
Microsoft Certified: Azure Database Administrator Associate - Certifications
Administer an SQL Server database infrastructure for cloud, on-premises and hybrid relational databases using the Microsoft PaaS relational database offerings.