Hey folks, I have a use case where we have some very secure data that only 3-4 users may have privilege to view (just Read). We cannot have anyone else in the organization/tenant view this table (all tables live in a Data Lakehouse).
My team and I had several ideas on how to do this (such as creating a separate workspace for the 3-4 privileged users, creating a new lakehouse just for the sensitive data, etc).
Just wanted the broader community's thoughts on how they would implement this.
Thanks!
Hello @Bshin
OneLake Data Access Roles provide folder-level access control within your lakehouse:

1. Create a custom role for your sensitive data.
2. Assign this role to the specific folder containing your sensitive table.
3. Add only your 3-4 privileged users to this role.
4. Ensure these users aren't also assigned to the DefaultReader role (which grants access to all folders).

https://data-mozart.com/understanding-data-access-options-in-microsoft-fabric/

- Be aware that implementing RLS, OLS, or CLS on the SQL analytics endpoint will cause Power BI queries in Direct Lake mode to fall back to Direct Query mode.
- Users with write access (Admin, Member, Contributor roles) aren't restricted by OneLake data access roles - they retain full access to data in OneLake.
- For complete isolation, consider creating a separate workspace for this sensitive data, as OneLake data access roles currently only apply to users accessing OneLake directly.
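
An added example, not part of the original answer and not Fabric's own code: a small audit that applies the rules stated above (custom role scoped to a folder, DefaultReader covering all folders, write roles bypassing OneLake roles) to list everyone who can effectively read a sensitive folder. The data model, field names, the `*` wildcard, the role names other than DefaultReader, and all sample users are constructed assumptions, not the Fabric API schema.

```python
# Constructed, simplified model of the access rules described in the answer above.
# Field names and the "*" wildcard are assumptions, not Fabric's API schema.
WRITE_ROLES = {"Admin", "Member", "Contributor"}  # not restricted by OneLake roles

def role_covers(role_path, folder):
    """True if a role scoped to role_path grants read on folder (prefix match)."""
    if role_path == "*":
        return True
    role_path = role_path.rstrip("/")
    return folder == role_path or folder.startswith(role_path + "/")

def effective_readers(folder, workspace_roles, onelake_roles):
    """Map each user who can read `folder` to the reasons they can."""
    readers = {}
    for user, ws_role in workspace_roles.items():
        if ws_role in WRITE_ROLES:
            readers.setdefault(user, []).append(f"workspace role {ws_role}")
    for name, role in onelake_roles.items():
        if any(role_covers(p, folder) for p in role["paths"]):
            for user in role["members"]:
                readers.setdefault(user, []).append(f"OneLake role {name}")
    return readers

def audit(folder, allowed, workspace_roles, onelake_roles):
    """Return users who can read `folder` but are not on the allowlist."""
    readers = effective_readers(folder, workspace_roles, onelake_roles)
    return {u: why for u, why in readers.items() if u not in allowed}

# Constructed sample data (hypothetical users, folders and custom role names).
SENSITIVE = "Tables/payroll"
ALLOWED = {"ana", "ben", "chi"}
WORKSPACE_ROLES = {"ana": "Viewer", "ben": "Viewer", "chi": "Viewer",
                   "dev": "Contributor", "eve": "Viewer"}
ONELAKE_ROLES = {
    "DefaultReader": {"paths": ["*"], "members": ["eve"]},
    "PayrollReaders": {"paths": ["Tables/payroll"], "members": ["ana", "ben", "chi"]},
    "SalesReaders": {"paths": ["Tables/sales"], "members": ["eve", "ana"]},
}

if __name__ == "__main__":
    findings = audit(SENSITIVE, ALLOWED, WORKSPACE_ROLES, ONELAKE_ROLES)
    for user, why in sorted(findings.items()):
        print(f"{user}: {', '.join(why)}")
```

An empty result from `audit` means only the allowlisted users reach the folder under this model; it does not cover access through the SQL analytics endpoint, which the answer treats separately.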
Hi @Bshin,
As we haven’t heard back from you, we wanted to kindly follow up to check whether the solution provided for your issue worked, or let us know if you need any further assistance here.
@lbendlin & @nilendraFabric, thanks for your prompt response.
Thanks,
Prashanth Are
MS Fabric community support
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly, and give Kudos if it helped you resolve your query.
There is lots of documentation on this topic. Please read through that.
https://learn.microsoft.com/en-us/fabric/data-engineering/lakehouse-sharing
https://learn.microsoft.com/en-us/fabric/data-warehouse/security
https://databear.com/control-access-microsoft-fabric-lakehouse/
Make sure to understand the difference between Lakehouse tables and Lakehouse SQL Endpoint tables.