Table and folder security in OneLake (preview)

Table-level and folder-level security, or object level security (OLS), is a feature of OneLake security (preview) that lets you grant access to specific tables or folders in a data item. Using OLS you create permissions for both structured and unstructured data at the folder level.

Prerequisites

• An item in Fabric with OneLake security turned on. For more information, see Get started with OneLake security.
• Switch the SQL analytics endpoint on the lakehouse to User's identity mode through the Security tab.
• For creating semantic models, use the steps to create a DirectLake model.
• For a full list of limitations, see the known limitations section.

Define security rules

You can define object-level security on any folder within a data item. Because delta-parquet tables in OneLake are represented as folders, security can also be configured on tables. Likewise, schemas are also folders and can be secured similarly.

Use the following steps to define security roles for tables or folders.

1. Navigate to your Lakehouse and select Manage OneLake security (preview).

2. Select an existing role that you want to define table or folder security for, or select New to create a new role.

3. On the role details page, select Add data. This action opens the data browsing experience.

   

4. Expand the Tables or Files directories to browse to the items you want to include in the role.

   • For tables, you can expand schemas to choose individual tables.

   • For files, you can expand any number of folders to identify the right items.

5. Select the checkbox next to the items you want to grant access to. You can select up to 500 items per role.

6. Once you have made your selection, select Add data to save your changes and return to the data in role page

   

   Your changes to the role are saved automatically.