Microsoft Fabric · Workspace Roles

Viewer

Read-only access to workspace items. View reports, notebooks, pipelines, and execution output. Read data through TDS endpoints but not through Spark or OneLake APIs.

Scope: Single Fabric workspace - read-only

Permissions

  • View - Read content of pipelines, notebooks, Spark job definitions, ML models, experiments, eventstreams
  • View - Read content of KQL databases, KQL querysets, real-time dashboards
  • Read data (TDS) - Read Lakehouse and Data Warehouse data through SQL analytics endpoint (T-SQL ReadData level)
  • View execution output - Pipelines, notebooks, ML models and experiments

Common use cases

  • Report consumers
  • Auditors and compliance reviewers
  • Business stakeholders viewing dashboards without authoring rights

Best practices

  • Use for stakeholders who only consume content, not author it
  • For broader read access (Spark/OneLake), use Contributor instead

Security considerations

  • Viewer can READ data through SQL endpoint but NOT through OneLake/Spark
  • Row-Level Security (RLS) and Object-Level Security (OLS) still apply

Official Microsoft Learn documentation →

Open the interactive RBACMap →