Hey there,
I was experimenting with OneLake Security but got stuck while applying CLS/RLS.
After giving permission to the lakehouse, the issues I am facing are:
1) The viewer can see the table and data, but the moment I apply CLS/RLS on that particular table, the viewer is not able to see the data and it says unable to refresh the table in the Lakehouse UI.
Here I have applied CLS on agent data and RLS on sales_consolidated, which the viewer is not able to see or load.
2) In the SQL analytics endpoint, when I used delegated identity, the viewer could perform a select query and see the data, though without CLS/RLS enforcement, but with user identity enabled and CLS/RLS applied:
   1) The viewer is not able to query the data.
   2) The viewer can see all the tables, even ones without permission, but not the data.
I tried, but it seems it is not working for me. Maybe I missed some steps. Can anyone help me with this?
Hi @AditiPattnaik,
Thank you for the detailed explanation and screenshots.
Based on your scenario, the behaviour you are seeing is expected when OneLake security (CLS/RLS) is enabled and the SQL analytics endpoint is configured to use User identity. Workspace roles such as Viewer only allow users to see metadata (like table names), but actual data access is controlled separately through OneLake security permissions.
Once CLS/RLS is applied, users must be explicitly granted Read permission at the schema, table, or folder level using Manage OneLake security. Without this Read permission, the Lakehouse UI cannot preview the data, and the SQL analytics endpoint will return errors such as SELECT permission was denied.
To resolve this, please open the Lakehouse, select the affected schema or table, and use Manage OneLake security to grant the user Read permission. After allowing a short time for permission propagation, the user should be able to preview and query the data successfully, while CLS/RLS continues to enforce the intended restrictions.
Refer to these links:
1. https://learn.microsoft.com/en-us/fabric/onelake/security/data-access-control-model
2. https://learn.microsoft.com/en-us/fabric/onelake/security/get-started-security
3. https://learn.microsoft.com/en-us/fabric/data-engineering/workspace-roles-lakehouse
4. https://learn.microsoft.com/en-gb/fabric/data-engineering/lakehouse-sql-analytics-endpoint
Hope this clarifies. Let us know if you have any doubts regarding this. We will be happy to help.
Thank you for using the Microsoft Fabric Community Forum.
Hi,
Thank you for the response.
However, I have tried the same steps but am still facing the same issue.
Hi @AditiPattnaik,
Just checking in to see if the issue has been resolved on your end. If the earlier suggestions helped, that’s great to hear! And if you’re still facing challenges, feel free to share more details. Happy to assist further.
Thank you.
Hi @AditiPattnaik,
Just wanted to follow up. If the shared guidance worked for you, that’s wonderful; hopefully it also helps others looking for similar answers. If there’s anything else you'd like to explore or clarify, don’t hesitate to reach out.
Thank you.
Hello @AditiPattnaik
I have written a blog about OneLake RLS: Fine-grained ReadWrite access to data with OneLake... - Microsoft Fabric Community
Please take a look at the above blog; it helps you.
Thank you!!