Forum Discussion
Unified Catalog Self-serve analytics integration
Hi JBNFM,
The 403 (AccessDenied) during the scheduled run could mean write/scan permissions are missing at the item (Lakehouse) level, not just to the workspace.
I believe granting Contributor on the Workspace to the Fabric MSI is not sufficient for Unified Catalog scans.
This could be the issue, as the Fabric Workspace Managed Identity (MSI) must have explicit access to the Lakehouse item. This could mean the Lakehouse item should have explicit Read + Write + Execute permissions so Purview can persist scan state/results.
Try the following:
- Go to Fabric Workspace → open the Lakehouse.
- Click Manage access then item-level permissions.
- Add the same MSI shown in Purview.
- Grant Read, Build, and Write (or equivalent Lakehouse contributor rights)
- Re‑run the scheduler.
This may work, as without Lakehouse-level permissions, Fabric returns 403 Forbidden even though workspace access exists.
If you find the answer useful and you appreciate my time, please do not forget to like and mark it as a solution 🙂
Pbv85, thanks for your response. When I go into the Lakehouse, I don't see the "Manage Access"; the only thing I see is "Managed OneLake security". If there's another place, let me know as I'm not seeing it.
In the OneLake security, there was only a Reader role with the MSI in it. I created another Contributor Role and set it to "Read,ReadWrite" as those were the only 2 options, and then added the Purview MSI to that role. Still getting the same error.