Key insights
- OneLake Security centralizes access control for a Fabric lakehouse.
It is currently in preview and acts as a single security layer applied at the data layer and respected by all Fabric experiences.
- Object-level, row-level, and column-level controls let you limit which folders, rows, or columns each user can see.
Use these controls together to create precise, least-privilege access for sensitive datasets.
- Security is defined by roles composed of permissions, paths, filters, and assignments.
Open the item, choose the Manage OneLake Security pane, create a role, set paths and filters, add users or groups, and save — rules apply immediately.
- Rules flow automatically into semantic models, reports, and ad-hoc analysis without extra T‑SQL or scattered RLS logic.
This “apply once” model reduces duplicated security logic and simplifies auditing.
- Microsoft Entra ID handles identity mapping and permission checks while the service uses encryption at rest with Microsoft-managed keys.
Access enforcement is consistent whether users connect via SQL, Spark, shortcuts, or other Fabric tools.
- Benefits include centralized governance, fewer security silos, and better compliance for multi-engine analytics.
Because it’s a preview feature, test roles and flows in a safe environment before large-scale production rollouts.