Microsoft Fabric Blog introduces the public preview of OneLake security, highlighting author-driven best practices for securing data lakes with advanced, unified access controls across Fabric workloads.

OneLake Security (Preview) in Microsoft Fabric

Overview

OneLake security, now in public preview, delivers unified, fine-grained access control for data stored within the Microsoft Fabric platform. This enables organizations to manage permissions and protect sensitive information across multiple analytics engines (Power BI, Spark, Lakehouse, SQL Analytics) from a single, consistent security definition.

Key Features

  • Fine-Grained Security: Create security roles defining allowed folders, tables, rows, and columns. Assign permissions so users only access authorized data—ideal for controlling exposure of sensitive information (e.g., PII).
  • Unified Model: Security definitions are managed once and enforced across all access points in Fabric (works outside Fabric as well). No need for duplicated definitions in each service.
  • Integration with Shortcuts: Securely share data across workspaces and teams using shortcuts without copying data or weakening controls; access obeys security restrictions.
  • Flexible Management: Manage security roles via user interface or APIs (API documentation).
  • Automatic Migration: Workspaces using former OneLake data access roles are automatically upgraded to OneLake security without required user action.

Recent Improvements

SQL Analytics Endpoint

  • New UI for highlighting security sync errors and recommended resolution steps
  • UI for identity/delegated mode clarity
  • Faster, optimized backend sync of security changes

Lakehouse and Spark Integration

  • Automatic application of column-level security in object explorer
  • Spark notebooks now support OneLake security for non-schema lakehouses
  • Faster live pool startup for queries involving RLS (Row-Level Security) and CLS (Column-Level Security)
  • Up to 4x performance improvement for security-sensitive queries

Power BI

  • Enhanced query performance for semantic models leveraging RLS

Example Scenarios

  • Data owners can grant access to business analysts for specific datasets while masking PII by configuring row or column security.
  • Business analysts can consume data securely, even via shortcuts, without risking data leaks or needing duplicate copies.

Getting Started

OneLake security empowers Fabric users with transparent, modern controls for securing distributed data lakes while maintaining accessibility and data democratization across analytics environments.

This post appeared first on “Microsoft Fabric Blog”. Read the entire article here