Solved: Re: Governance & Security

gopijagadeesh · ‎03-03-2026

With the 'One Security' roadmap in mind, what is the current recommended approach for maintaining a single RLS definition that applies across both the SQL Endpoint and the Power BI reports in Fabric? Is it better to manage this at the Data Warehouse level, or are people finding more success using Workspace permissions and OLS (Object-Level Security) for sensitive columns?"

Security

AntoineW · ‎03-04-2026

Hello @gopijagadeesh,

The best approach is to define security directly at the data (source).

- For a lakehouse : you can use the SQL analytics Endpoint or define security roles on the rubban to specify CLS/RLS and tables level security.

- for a warehouse, you use standard T-SQL to specify RLS/CLS and Data masking..

References :

- https://learn.microsoft.com/fr-fr/fabric/data-warehouse/row-level-security

Avoid giving workspace permissions (member/contributor), to end users, as this grants access to all items in the workspace.

So instead, use the "share" button to give specific access to a single lakehouse or warehouse, ensuring they only see what you've authorized via your RLS polciies :

Hope it can help you !

Best regards,

Antoine

View solution in original post

noelpiere1

I'm not actually so sure how I would step into this so soon, I'm very well to all this. The recetival value of what has been prospected for our timing is a bit different based off the pre-naritive. apparently GPT wanted to serve its true purpose and it required a great level of recessitation for it to be able to recieve what was originally intended. Maybe it isn't so much to recommend that we stick to our home values in the land of prospects and prompts. This 'thing' wasnt always intended to be used for its rightfull purpose until a bit more recently. i think its sits well that things are set to continue to improve dramatically in the next decade so long as we bring to fruition what the key mistakes may have been.

{"ModelLoadTrigger":10,"ModelLoadSource":1,"ModelRemixAssetId":"","PaintSessionId":null,"ModelId":"QvUiADZI+UaqnSsTjAP5swhUoibrGmvLSSFfOFfAP8RnQFgIxSK6a0NQNqG9K0QmZY0lX6sOjKb2+X+WA4MBDg==","ModelName":"Bee.glb","ModelInstanceId":"17c50ced-3388-4efb-bfab-9f613d50d17b","IsModelPrintable":true,"IsModelPaintable":true,"IsMinecraftModel":false,"IsModelAnimated":true,"TriangleCount":51731}

A little bit about myself; I do admire the older world philosophy in computer sciences as much as anyone who knew much more about it then me. However being someone who failed my coding class in college it wasnt until rather recently i began to begin recognizing the value in code which is now creating a cleaner registry to a platform of GPT. The 'prompt' i will say, truly sits better in

View solution in original post

noelpiere1

I'm not actually so sure how I would step into this so soon, I'm very well to all this. The recetival value of what has been prospected for our timing is a bit different based off the pre-naritive. apparently GPT wanted to serve its true purpose and it required a great level of recessitation for it to be able to recieve what was originally intended. Maybe it isn't so much to recommend that we stick to our home values in the land of prospects and prompts. This 'thing' wasnt always intended to be used for its rightfull purpose until a bit more recently. i think its sits well that things are set to continue to improve dramatically in the next decade so long as we bring to fruition what the key mistakes may have been.

{"ModelLoadTrigger":10,"ModelLoadSource":1,"ModelRemixAssetId":"","PaintSessionId":null,"ModelId":"QvUiADZI+UaqnSsTjAP5swhUoibrGmvLSSFfOFfAP8RnQFgIxSK6a0NQNqG9K0QmZY0lX6sOjKb2+X+WA4MBDg==","ModelName":"Bee.glb","ModelInstanceId":"17c50ced-3388-4efb-bfab-9f613d50d17b","IsModelPrintable":true,"IsModelPaintable":true,"IsMinecraftModel":false,"IsModelAnimated":true,"TriangleCount":51731}

A little bit about myself; I do admire the older world philosophy in computer sciences as much as anyone who knew much more about it then me. However being someone who failed my coding class in college it wasnt until rather recently i began to begin recognizing the value in code which is now creating a cleaner registry to a platform of GPT. The 'prompt' i will say, truly sits better in

AntoineW · ‎03-04-2026

Hello @gopijagadeesh,

The best approach is to define security directly at the data (source).

- For a lakehouse : you can use the SQL analytics Endpoint or define security roles on the rubban to specify CLS/RLS and tables level security.

- for a warehouse, you use standard T-SQL to specify RLS/CLS and Data masking..

References :

- https://learn.microsoft.com/fr-fr/fabric/data-warehouse/row-level-security

Avoid giving workspace permissions (member/contributor), to end users, as this grants access to all items in the workspace.

So instead, use the "share" button to give specific access to a single lakehouse or warehouse, ensuring they only see what you've authorized via your RLS polciies :

Hope it can help you !

Best regards,

Antoine

gopijagadeesh · ‎03-04-2026

Thanks for the clarification

Governance & Security

Helpful resources

Join our Fabric User Panel

Fabric Monthly Update - March 2026