grant_permission
Grant access to a database, schema, or object by assigning permissions to a principal. Supports column-level security and with grant option.
Instructions
Grant permissions on a securable to a principal.
Executes GRANT <permissions> ON <scope> TO <principal>.
Blocked by FABRIC_MCP_READONLY. Does NOT require
FABRIC_MCP_ALLOW_DESTRUCTIVE.
Args:
workspace: Workspace name or GUID.
item: Warehouse or SQL endpoint name or GUID.
permissions: Comma-separated permission tokens (e.g. "SELECT,INSERT").
principal: Grantee principal name (Entra UPN, app GUID, or role name).
scope: Securable class -- "DATABASE" (default), "SCHEMA", or
"OBJECT".
schema: Schema name (required when scope is "SCHEMA").
object_name: Qualified object name <schema>.<object> (required when
scope is "OBJECT").
with_grant_option: When True, allows the grantee to grant the
permission to others (adds WITH GRANT OPTION).
columns: Optional list of column names for column-level security
(OBJECT scope only; permissions must be SELECT, UPDATE, or
REFERENCES). Pass None (omit) for no column restriction.
Passing an empty list raises a ToolError.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| item | Yes | ||
| scope | No | DATABASE | |
| schema | No | ||
| columns | No | ||
| principal | Yes | ||
| workspace | Yes | ||
| object_name | No | ||
| permissions | Yes | ||
| with_grant_option | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||