topic Re: setting onelake security column level security programmatically in Data Engineering

setting onelake security column level security programmatically

kjetil_hamre — Tue, 28 Oct 2025 13:16:07 GMT

Hi,

I am very keen to see Onelake security in production. However, I would like to set column level security programmatically in a metadata driven setup of ingest into a medallion architecture.

I hear that the fabric rest api is the most mature programming interface. However I cannot see anything documented on onelake security. Indeed, when I set schema enabled on a lakehouse, I cannot even list tables.

import requests
token_string = mssparkutils.credentials.getToken(https://api.fabric.microsoft.com/)
header = {'Content-Type':'application/json','Authorization': f'Bearer {token_string}'}
response = requests.get(url=https://api.fabric.microsoft.com/v1/workspaces/{WORKSPACE_ID}/lakehouses/{LAKEHOUSE_ID}/tables, headers=header)

print("Status Code:", response.status_code)
print("Response JSON:", response.json())

------
Status Code: 400
Response JSON: Response JSON: {'requestId': 'blablah', 'errorCode': 'UnsupportedOperationForSchemasEnabledLakehouse', 'message': 'The operation is not supported for Lakehouse with schemas enabled.'}

And I find no mention of any attributes regarding onelake security! Anybody has any information on if there is something available now, or if there is going to be something on this soon? Or if there is some other way of setting these things programmatically.

Thank you
K

Re: setting onelake security column level security programmatically

tayloramy — Wed, 29 Oct 2025 03:23:32 GMT

Hi @kjetil_hamre,

Welcome to the fun of preview features - don't try and push this into production until it becomes GA.

This is interesting, the error message you are getting states that lakehouses with schemas (also in preview and should not be in use in production) aren't supported, but the documentation seems to say otherwise:

https://learn.microsoft.com/en-us/rest/api/fabric/core/onelake-data-access-security/create-or-update-data-access-roles?tabs=HTTP#columnconstraint

Are you able to do this via the UI at all?
https://learn.microsoft.com/en-us/fabric/onelake/security/get-started-onelake-security

If you can, there might be a bug with the API.

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution.

Re: setting onelake security column level security programmatically

kjetil_hamre — Wed, 29 Oct 2025 10:02:01 GMT

The first link is to the documentation I was looking for! Thank you. I am now able to set column level security on specific columns in the lakehouse. Just what I was looking for. As for the schema enabled lakehouse there might be a bug, but otherwise it works. Thanks!!!

regards,
Kjetil