Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Fabric Certified for FREE during Fabric Data Days. Don't miss your chance! Request now

Reply
stellahe102
Helper I
Helper I

Lakehouse Column-Level-Security via OneLake Data Access Role

‎09-11-2025 09:49 AM

Hi there, we are experimenting with applying column level security to lakehouse tables.

 

we don't have the same feature shown in the official doc highlighted in below:

 

stellahe102_1-1757608993883.png

 

 

Below is what we are seeing on our end: no option for "Column security(Preview)." when going to the tables in the role. We know for sure one security role works for us, as users can only access the tables defined in the oneLake security role, but column security (Preview) or row security is not enabled.

 

Is this because this is a new feature, or is there something we need to do to enable this feature?

 

stellahe102_2-1757609268069.png

 

Labels:
Message 1 of 14
1,483 Views
0
1 ACCEPTED SOLUTION
AntoineW
Memorable Member
Memorable Member
In response to stellahe102

‎09-16-2025 12:40 AM

Yes @stellahe102,

It's a feature that isn't ready for now. It's a known problem currently affecting the OneLake Security control plane that Microsoft is working on.

Specifically, this issue involves metadata retrieval failures due to authentication errors in cross-rollout scenarios. These errors prevent the system from correctly fetching role metadata, which in turn causes latency or disables visibility of RLS/CLS configuration options in the Lakehouse UI.

 

> Impact: RLS/CLS roles may not load, and security options may be hidden or unresponsive.

 

So we have to wait a bit for this feature ! 

Best regards,

Antoine

View solution in original post

Message 9 of 14
1,246 Views
0
13 REPLIES 13
v-pnaroju-msft
Community Support
Community Support

‎11-21-2025 09:37 AM

Hi stellahe102,

Thank you for your update and for your patience.

Based on my understanding, it appears that the behaviour you are experiencing may be due to CLS still being in preview and not yet fully rolled out across all regions and tenants. Your configuration meets all the prerequisites, such as OneLake security being enabled and Delta tables being present, and no additional tenant or capacity configuration is required.
We request that you monitor the Microsoft Fabric blog for updates as the feature progresses toward general availability.

Microsoft Fabric Blog

We hope the information helps to clarify the situation. Should you have any further queries, please feel free to contact the Microsoft Fabric community.

Thank you.

Message 14 of 14
221 Views
v-pnaroju-msft
Community Support
Community Support

‎09-23-2025 09:31 AM

Hi stellahe102,

We wanted to see if the information we gave helped fix your problem. If you need more help, please feel free to contact the Microsoft Fabric community.

Thank you.

Message 13 of 14
1,078 Views
0
v-pnaroju-msft
Community Support
Community Support

‎09-20-2025 08:12 AM

Hi stellahe102,

We are following up to see if what we shared solved your issue. If you need more support, please reach out to the Microsoft Fabric community.

Thank you.

Message 12 of 14
1,163 Views
0
v-pnaroju-msft
Community Support
Community Support

‎09-17-2025 04:47 AM

Thankyou, @AntoineW, for your response.

Hi stellahe102,

We would like to follow up and see whether the details we shared have resolved your problem.
If you need any more assistance, please feel free to connect with the Microsoft Fabric community.

Thank you.


Message 11 of 14
1,211 Views
v-pnaroju-msft
Community Support
Community Support

‎09-13-2025 04:51 AM

Thankyou, @tayloramy for your response.

Hi stellahe102,

We appreciate your inquiry through the Microsoft Fabric Community Forum.

Based on my understanding, Column Level Security (CLS) in OneLake is available only for Delta tables after OneLake security is enabled on the lakehouse. If the table is not a Delta-Parquet table (i.e., it does not contain a _delta_log folder), or if the SQL endpoint is not configured to use the user’s identity, the CLS option will not be displayed. Additionally, users who remain in the default role DefaultReader will continue to have full access, which can hide CLS behaviour.

Please follow the steps below, which may help to resolve the issue:

  1. Open the lakehouse and select Manage OneLake security (preview) / Manage OneLake data access (preview) and ensure that it is enabled.
  2. Confirm that the table is a Delta table. In Lakehouse Explorer, rightclick the table and select View files to check for the presence of _delta_log. If it is not a Delta table, reload or convert the data into a Delta table using Load to table or Spark write with format("delta").
  3. If you plan to query via the SQL Analytics endpoint, switch OneLake access mode to User’s identity under Security.
  4. Remove the test user from the DefaultReader role to validate the custom role permissions.
  5. After completing the above steps, go to Manage OneLake security, open Roles, and under Data for the relevant role select the ellipsis (…), you should then see Column security (preview).

For further reference, please consult the following links:
Lakehouse sharing and permission management - Microsoft Fabric | Microsoft Learn
Get started with OneLake security (preview) - Microsoft Fabric | Microsoft Learn
Column-level security - Microsoft Fabric | Microsoft Learn

We hope that the information provided will help resolve the issue. Should you have any further queries, please feel free to contact the Microsoft Fabric community.

Thank you.

Message 7 of 14
1,361 Views
0
stellahe102
Helper I
Helper I
In response to v-pnaroju-msft

‎11-20-2025 08:38 AM

Hi @v-pnaroju-msft and @AntoineW ,thanks for all your previous replies

 

it's been 2 months since the CLS preview feature is released - Now I am able to see the column level security feature, but still the full configuration is not available yet, see below, the places that seems to be desgined for removing or adding columns are greyed out.

 

Question is, is this due to anything we need to enable from capacity or tenant admin side? OR this is due to the roll-out plan and this feature is still not ready yet to to our tenant? 

stellahe102_1-1763656688209.png

 

 

Message 10 of 14
252 Views
0
stellahe102
Helper I
Helper I
In response to v-pnaroju-msft

‎09-15-2025 02:01 PM

Just to confirm, is No.3 in below required,  in order to enable the CLS and RLS in lakehouse? As we have met all the other criteria except for No.3 (we couldn't enable this, pls see below screenshots)

 

Please follow the steps below, which may help to resolve the issue:

  1. Open the lakehouse and select Manage OneLake security (preview) / Manage OneLake data access (preview) and ensure that it is enabled.
  2. Confirm that the table is a Delta table. In Lakehouse Explorer, rightclick the table and select View files to check for the presence of _delta_log. If it is not a Delta table, reload or convert the data into a Delta table using Load to table or Spark write with format("delta").
  3. If you plan to query via the SQL Analytics endpoint, switch OneLake access mode to User’s identity under Security.

 

The "Security" tab mentioned in the official doc (see below) for No.3 above, is not visible to us, is that a relative feature that we might need to wait for the roll out? 

 

View from Microsoft official doc:

stellahe102_0-1757969631638.png

 

This is our view:

stellahe102_1-1757969969627.png

 

Message 8 of 14
1,280 Views
0
AntoineW
Memorable Member
Memorable Member
In response to stellahe102

‎09-16-2025 12:40 AM

Yes @stellahe102,

It's a feature that isn't ready for now. It's a known problem currently affecting the OneLake Security control plane that Microsoft is working on.

Specifically, this issue involves metadata retrieval failures due to authentication errors in cross-rollout scenarios. These errors prevent the system from correctly fetching role metadata, which in turn causes latency or disables visibility of RLS/CLS configuration options in the Lakehouse UI.

 

> Impact: RLS/CLS roles may not load, and security options may be hidden or unresponsive.

 

So we have to wait a bit for this feature ! 

Best regards,

Antoine

Message 9 of 14
1,247 Views
0
AntoineW
Memorable Member
Memorable Member

‎09-12-2025 02:55 AM

@stellahe102,

 

Hello Same problem I've encounter : a bit frustrating ...

 

https://community.fabric.microsoft.com/t5/Fabric-platform/OneLake-Security-Lakehouse-can-t-find-the-...

Message 6 of 14
1,414 Views
0
tayloramy
Community Champion
Community Champion

‎09-11-2025 10:19 AM

@stellahe102, actually, this might already be enabled. 

 

Open your lakehouse and then at the top click on Manage OneLake data access (preview) to enable the feature on your lakehouse. 
This is irreversable, once enabled it cannot be disabled. 

tayloramy_0-1757611148181.png

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, please mark this as the solution.

 

Message 3 of 14
1,466 Views
0
stellahe102
Helper I
Helper I
In response to tayloramy

‎09-12-2025 06:22 AM

the "Manage OneLake data access (preview)" has been enabled on the related lakehouse before I posted the original message, and we already use that feature for table level security, it is the column-level security feature that is not available, any idea why, and when it will be rolled out to our tenant? we are in US East2 region

Message 4 of 14
1,403 Views
0
tayloramy
Community Champion
Community Champion
In response to stellahe102

‎09-12-2025 06:25 AM

Hi @stellahe102

 

Microsoft rolls out updates slowly by region, to ensure that a bug can't take down all regions at once, and to ensure they don't overload servers. 

 

This column level OneLake security came into public preview 4 days ago, so it could still be propagating down to all the tenants. I recommend waiting until maybe mid next week and trying again? 

 

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, please mark this as the solution.

Message 5 of 14
1,402 Views
0
tayloramy
Community Champion
Community Champion

‎09-11-2025 10:15 AM

Hi @stellahe102

 

This was a private preview feature until a couple of days ago, so it appears it is not enabled on your tenant yet. I recommend giving it a few more days to see if the setting appears. Updates are rolled out gradually, and not enabled on all tenants all at once. 

 

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, please mark this as the solution.  

Message 2 of 14
1,469 Views
0

Helpful resources

Announcements
November Fabric Update Carousel

Fabric Monthly Update - November 2025

Check out the November 2025 Fabric update to learn about new features.

Fabric Data Days Carousel

Fabric Data Days

Advance your Data & AI career with 50 days of live learning, contests, hands-on challenges, study groups & certifications and more!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All