Please enter your information to subscribe to the Microsoft Fabric Blog.

Thanks for subscribing to the Microsoft Fabric Blog. You’ll receive email notifications when we publish new posts.

Microsoft Fabric Updates Blog

  1. Updates
  2. All

Permission model improvements for Azure and Fabric Events

Azure and Fabric Events offer a powerful capability within Real-Time Intelligence that enables you to ingest system events that are generated in Microsoft Fabric and Azure to deliver them to consumers in Microsoft Fabric like Activator for setting event-based triggers or Eventstream to stream and process events to other destinations.

Permission model

To subscribe to Azure and Fabric events from consumers like Activator or Eventstream, the user needs to have sufficient permission to subscribe to these events. The subscribe permission for Azure and Fabric events allows you to manage access to the events, ensuring that only authorized users can subscribe to the events. The subscribe permissions are evaluated during the configuration to consume the events. If the user doesn’t have the necessary permissions, the configuration will be blocked to prohibit the events from flowing. However, these user permissions can change over time due to various business needs for existing event consumers.

Improvement

To address this challenge, the permission model enforcement will be improved in the upcoming weeks to continue evaluating the permission as long as the consumer is subscribing to events. If the user that set up this configuration lost the subscribe permission, the ingestion of events by the consumer is paused. This improvement ensures that only authorized users can access and consume events at all times. To address paused consumers, a user with sufficient permission must delete and recreate this configuration.

Example

The following is an example of how this permission model improvement works:

  • User1 creates Eventstream2 in Workspace2 as a consumer for OneLake events from Lakehouse1 in Workspace1.
    • Lakehouse1 includes sensitive employee information.
    • This configuration was allowed because User1 has SubscribeOneLakeEvents permission on Lakehouse1 at the time of creation.
  • User1 moves to a different part of the organization that should not be privileged enough to have access to employee information.
  • The admin for Workspace1 can’t track the consumers for OneLake events that User1 created. The admin also doesn’t have access to Workspace2.
  • However, the admin can remove User1’s SubscribeOneLakeEvents permission on Lakehouse1.
  • The ingestion of OneLake events in Eventstream2 is paused, allowing the admin to efficiently manage access to these events.

If the flow of OneLake events to Eventstream2 is desired in the future:

  • Workspace1’s admin can grant the SubscribeOneLakeEvents permission on Lakehouse1 to User2.
  • User2 can delete the existing source of OneLake events in Eventstream2 and recreate it to consume the events again from Lakehouse1.

In this case, it is recommended to take these steps before the permission is lost to avoid interruptions in the event consumption.

Monitoring

The status of the subscription can be tracked in the Real-Time Hub. To discover the status of the subscription, use the following steps:

  1. In Microsoft Fabric, select Real-Time on the left navigation bar.

A screenshot of a computer AI-generated content may be incorrect.

2. Select the Fabric events page or the Azure events page.

A screenshot of a computer AI-generated content may be incorrect.

3. Select the event group that you’re interested in to see all the consumers for this event group.

A screenshot of a computer AI-generated content may be incorrect.

4. The Status column shows Active/Paused status for each of the consumers for the events.

A screenshot of a computer AI-generated content may be incorrect.

5. Select View details from the actions.

A screenshot of a computer AI-generated content may be incorrect.

6. You can see the detailed error message that explains the exact reason for the paused state.

A screenshot of a computer AI-generated content may be incorrect.

Conclusion

Azure and Fabric Events is a powerful capability that allows organizations to capture, process, and respond to events across Microsoft Fabric in a secure manner, allowing you to efficiently manage access for event consumption. To learn more about the Subscribe permissions for Azure and Fabric events, refer to the documentation.

Stay tuned for new event group types, consumers, and enhancements for Azure and Fabric Events that will further simplify real-time data processing, automation, and analytics. We are committed to improving the event-driven capabilities in Fabric, so we encourage you to share your suggestions and feedback at Fabric Ideas for the Real-Time Hub category and join the conversation in the Fabric Community.

Related blog posts

Permission model improvements for Azure and Fabric Events

Blog's featured image

Unifying “Analyze data with” analytics across Fabric (Preview)
April 14, 2026 by Tzvia Gitlin Troyna

As Microsoft Fabric continues to converge analytics experiences across workloads, one of the most important steps forward is reducing friction in how users move from raw data to insights. With the latest integrations, the Eventhouse Endpoint is now deeply embedded into the “Analyze data with” entry points across Lakehouse, Data Warehouse, and Eventhouse, bringing a … Continue reading “Unifying “Analyze data with” analytics across Fabric (Preview)”

Read more
Blog's featured image

Fabric Influencers Spotlight: March 2026
April 3, 2026 by Marisa Mathews

Welcome to the March 2026 edition of the Fabric Influencers Spotlight, a recurring monthly post here to shine a bright light on the places on the internet where Microsoft MVPs & Fabric Super Users are doing some amazing work on all aspects of Microsoft Fabric. The Microsoft Fabric Community team has created the Fabric Influencers Spotlight to … Continue reading “Fabric Influencers Spotlight: March 2026”

Read more