MetricSign
EN|NLRequest Access
High severityaccess control

Power BI Refresh Error:
PERMISSION_DENIED

What does this error mean?

A Unity Catalog or Hive Metastore permission check failed. The principal executing the query lacks the required privilege on the target securable object.

Common causes

  • 1User or service principal missing SELECT on a Unity Catalog table or schema
  • 2Cluster or SQL warehouse service principal not granted USE CATALOG / USE SCHEMA
  • 3Row-level security or column mask applied to the querying principal
  • 4Workspace-local table queried via Unity Catalog SQL without metastore binding
  • 5External location or storage credential not granted to the principal

How to fix it

  1. 1Run `SHOW GRANTS ON TABLE <catalog>.<schema>.<table>` to inspect current privileges
  2. 2Grant the missing privilege: `GRANT SELECT ON TABLE <catalog>.<schema>.<table> TO <principal>`
  3. 3Confirm the service principal has USE CATALOG and USE SCHEMA on the parent objects
  4. 4If using a SQL warehouse, verify the warehouse's service principal or run-as identity in the data access config
  5. 5Check for column-level or row-level filters that may block the principal silently

Frequently asked questions

Does PERMISSION_DENIED always mean a missing GRANT?

Usually yes — but it can also stem from row-level security policies, column masks, or an external location credential that the principal cannot use.

How do I grant permissions to all users in a workspace?

Grant privileges to the `account users` group: `GRANT SELECT ON SCHEMA <catalog>.<schema> TO `account users``.

Other access control errors