fabric-lakehouse-access-controllisted
Install: claude install-skill PatrickGallucci/fabric-skills
# Microsoft Fabric Lakehouse Access Control remediate
Diagnose and resolve access control issues across all security layers of Microsoft Fabric Lakehouse, including workspace roles, item permissions, OneLake security data access roles, SQL analytics endpoint granular permissions, and Direct Lake semantic model security integration.
## When to Use This Skill
- User cannot access lakehouse data or sees "permission denied" errors
- Queries return empty results or missing rows/columns unexpectedly
- OneLake security roles not applying or taking too long to propagate
- SQL analytics endpoint permissions not restricting access as expected
- Direct Lake semantic model returns errors after enabling OneLake security
- Shortcut data is inaccessible or returns 404 errors
- DefaultReader role conflicts with custom data access roles
- Deployment pipeline or git integration issues with data access roles
- Users see data they should not have access to (over-provisioned)
- Row-level or column-level security not filtering correctly
## Prerequisites
- Microsoft Fabric workspace with capacity or trial license
- Admin, Member, or Contributor workspace role for managing security
- Familiarity with T-SQL for SQL analytics endpoint security
- PowerShell 7+ for running diagnostic scripts
## Fabric Lakehouse Security Layers
Fabric Lakehouse enforces security through multiple overlapping layers. Understanding the evaluation order is critical for remediate.
**Layer 1 - Workspace Roles** control