Failed to fetch tables for the space when using Genie MCP via Model Serving

ilaria — Thu, 05 Mar 2026 13:53:18 GMT

Hello everyone,

I'm experiencing a specific permissions issue when using an AI agent that queries a Genie space via MCP (Model Context Protocol) within a Model Serving endpoint.
I developed an AI agent to query a Genie space to retrieve retail sales data for predictions. I own the catalog, schema, and Genie space.

When interacting with the agent via the Review app (Model Serving), any query that triggers a call to the Genie tool fails with the following error:
PERMISSION_DENIED: Unable to retrieve tables for the space. Please resolve these errors to continue: No access to the table 'fashion_retail.ppl_schema.silver_transactions'. Code: 42.

What is the best practice for granting Unity Catalog permissions (USE CATALOG, USE SCHEMA, SELECT) to a system identity created from a Model Serving endpoint?

Any suggestions on how to properly configure the authorization chain between Model Serving -> MCP -> Genie -> Unity Catalog would be greatly appreciated.

Thanks in advance!

Re: Failed to fetch tables for the space when using Genie MCP via Model Serving

Ashwin_DSA — Fri, 06 Mar 2026 22:29:47 GMT

Hi @ilaria,

When you call a Genie space via MCP from a Model Serving endpoint, the queries against the table you have mentioned (fashion_retail.ppl_schema.silver_transactions) don’t run as you (the workspace user who owns the catalog/schema/space), but as the system identity/service principal associated with that serving endpoint. That identity must have its own Unity Catalog permissions.

Here are some steps you can try...

Check Genie space + app/endpoint permissions

Make sure the endpoint’s identity has at least CAN RUN on the Genie space, not just you as a user. The Genie app/docs spell this out and also highlight that the app’s service principal needs UC privileges on the underlying tables:

Grant Unity Catalog privileges to the serving identity

In addition to space‑level permissions, the Model Serving system identity (or associated service principal) must have at least:

GRANT USE CATALOG ON CATALOG fashion_retail TO `<endpoint-sp-or-group>`;
GRANT USE SCHEMA ON SCHEMA fashion_retail.ppl_schema TO `<endpoint-sp-or-group>`;
GRANT SELECT ON TABLE fashion_retail.ppl_schema.silver_transactions TO `<endpoint-sp-or-group>`;

Replace <endpoint-sp-or-group> with the actual principal that backs your Model Serving endpoint (often shown in the endpoint config or via your admin/team).

If the above steps don't resolve, test access using the same principal that backs the serving endpoint (for example, via a job or test notebook impersonating that SP). If a simple SELECT * FROM fashion_retail.ppl_schema.silver_transactions LIMIT 1 fails there with the same error, you’ve confirmed it’s purely a UC permissions issue.

If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.

topic Failed to fetch tables for the space when using Genie MCP via Model Serving in Generative AI

Failed to fetch tables for the space when using Genie MCP via Model Serving

Re: Failed to fetch tables for the space when using Genie MCP via Model Serving

Check Genie space + app/endpoint permissions

Grant Unity Catalog privileges to the serving identity