Forum Discussion
Unified Catalog Self-serve analytics integration
Hi JBNFM,
The 403 (AccessDenied) during the scheduled run could mean write/scan permissions are missing at the item (Lakehouse) level, not just to the workspace.
I believe granting Contributor on the Workspace to the Fabric MSI is not sufficient for Unified Catalog scans.
This could be the issue, as the Fabric Workspace Managed Identity (MSI) must have explicit access to the Lakehouse item. This could mean the Lakehouse item should have explicit Read + Write + Execute permissions so Purview can persist scan state/results.
Try the following:
- Go to Fabric Workspace → open the Lakehouse.
- Click Manage access then item-level permissions.
- Add the same MSI shown in Purview.
- Grant Read, Build, and Write (or equivalent Lakehouse contributor rights)
- Re‑run the scheduler.
This may work, as without Lakehouse-level permissions, Fabric returns 403 Forbidden even though workspace access exists.
If you find the answer useful and you appreciate my time, please do not forget to like and mark it as a solution 🙂
Pbv85, thanks for the response.
So, I opened up the Lakehouse and the only thing I see inside the Lakehouse is Manage OneLake security. Is that the same as "Manage access"?
When I opened that, there was only DefaultReader as a security role. I created a new role and set permissions to "Read, ReadWrite" as those were the only options. I then added the Purview MSI to that group and I still get the same error.
If there is a different place to manage those permissions, let me know, I could have missed it somewhere on the screen, again inside of the Lakehouse.