Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Did you hear? There's a new SQL AI Developer certification (DP-800). Start preparing now and be one of the first to get certified. Register now

aonelakeuser
Microsoft Employee
‎01-09-2025 08:30 AM

Define security on folders within a shortcut using OneLake data access roles

We’re excited to introduce a highly-requested feature that enhances your experience with OneLake: the ability to define security settings on folders within a shortcut! When a shortcut is created in OneLake it references a data lake path. This can be thought of as the root of the shortcut. There can be one or more additional folder paths within that shortcut, which are the sub-folders. When OneLake data access roles was released, security could only be defined on the shortcut root itself. However, with this new release you can define security on any sub-folder within the shortcut root. Let’s look at an example of how this simplifies security management.

Security on folders in action

I have an AWS S3 bucket called s3://contoso-outdoors that I created a shortcut to. Within this bucket are additional folders each containing a table. The shortcut on OneLake now refers to this location as Files/S3Data. Each of the tables within Files/S3Data is a sub-folder. Some of the sub-folders I have are S3Data/employee_test or S3Data/Tables.

Define_security_on_folders_within_a_shortcut_using_OneLake_data_access_rolesDefine_security_on_folders_within_a_shortcut_using_OneLake_data_access_roles

I might want to define access to this shortcut data such that one group of users can see the employee_test sub-folder, and another can only see the Tables sub-folder. With the latest addition to OneLake data access roles, I can easily do this.

I open the 'Manage OneLake data access' pane and select my role SubFolderTest.

Define_security_on_folders_within_a_shortcut_using_OneLake_data_access_rolesDefine_security_on_folders_within_a_shortcut_using_OneLake_data_access_roles

Under the 'Selected folders' option, I can then browse S3Data and choose the employee_test sub-folder to grant access to as part of this role. Any of the sub-folders can be selected, and I can further expand the folders to grant access to additional items. Once I make my selections I can save the role.

Define_security_on_folders_within_a_shortcut_using_OneLake_data_access_rolesDefine_security_on_folders_within_a_shortcut_using_OneLake_data_access_roles

By combining this feature with lakehouse schemas, you can now create a single shortcut to data and manage security for hundreds or thousands of different users with ease.

Securing shortcut sub-folders with OneLake data access roles is available now in public preview. Try it out and leave a comment below with any questions or feedback.

Next steps

Get started with OneLake data access roles.

Learn more about security in OneLake.

0