Ctrlk
AcademyCustomer Portal

Access Configuration for Microsoft Fabric Warehouse

This article outlines the process to configure Viewer-level (read-only) access for a specified identity, such as a User Assigned Managed Identity (UAMI) or Service Principal (SP) on a Microsoft Fabric Warehouse.

Access to analytical storage layers must be governed to enable secure data consumption while preserving data integrity. Viewer access allows identities to query and explore data assets, including schema and metadata, without introducing any risk of modification to underlying resources.

Viewer access in Fabric Warehouse is implemented using SQL read permissions (ReadData). This enables query execution and metadata visibility while restricting all write, update, or administrative operations.

Prerequisites

Ensure the following conditions are met before proceeding:

1. Fabric Environment Setup

  • An active Fabric workspace is available

  • The target Warehouse is created and accessible.

2. Identity Requirements

  • A User Assigned Managed Identity (UAMI) or Service Principal (SP) is created

  • The identity is associated with the Bridge Client VM (if applicable).

3. Access Permissions

The user performing this configuration must have:

  • Workspace Admin, Owner, or equivalent role

  • Permission to manage access (roleAssignments/write).

If sufficient privileges are not available, the Manage Permissions option will not be accessible.

Steps to Configure Viewer Access

Follow the steps below to configure read-only access:

Step 1: Access Fabric Portal

  • Log in to the Microsoft Fabric Portal

  • Use an account with Admin or Owner privileges

Step 2: Navigate to Workspace

  • Open the required Fabric Workspace

  • Locate the target Warehouse

Step 3: Open Manage Permissions

  • Click on the three-dot menu (⋯) for the Warehouse

  • Select Manage Permissions

Step 4: Add Identity

  • Click + Add user

  • Select the required identity:

    • User Assigned Managed Identity (UAMI)

    • Service Principal (SP)

Step 5: Assign Viewer Permission

  • Select the permission: Read all data using SQL (ReadData)

This enables:

  • Read-only SQL query execution

  • Metadata and schema visibility

  • Secure access without modification capability

Step 6: Validate Configuration

  • Confirm that the identity appears in the permissions list

  • Verify that the assigned permission reflects ReadData (Viewer-level access)

The configured access is immediately visible in the permissions panel upon successful assignment.

Permission Summary

Permission Type
Access Level
Description

ReadData

Viewer

Enables read-only SQL access to data

Metadata Access

Included

Allows visibility of schema and objects

Write Access

Not Allowed

Prevents data or structural modifications

Copyright © 2026, OvalEdge LLC, Peachtree Corners GA USA

PreviousMicrosoft FabricNextOther

Last updated

Was this helpful?