Please enter your information to subscribe to the Microsoft Fabric Blog.

Thanks for subscribing to the Microsoft Fabric Blog. You’ll receive email notifications when we publish new posts.

Microsoft Fabric Updates Blog

  1. Updates
  2. All

Define security on folders within a shortcut using OneLake data access roles

We’re excited to introduce a highly-requested feature that enhances your experience with OneLake: the ability to define security settings on folders within a shortcut! When a shortcut is created in OneLake it references a data lake path. This can be thought of as the root of the shortcut. There can be one or more additional folder paths within that shortcut, which are the sub-folders. When OneLake data access roles was released, security could only be defined on the shortcut root itself. However, with this new release you can define security on any sub-folder within the shortcut root. Let’s look at an example of how this simplifies security management.

Security on folders in action

I have an AWS S3 bucket called s3://contoso-outdoors that I created a shortcut to. Within this bucket are additional folders each containing a table. The shortcut on OneLake now refers to this location as Files/S3Data. Each of the tables within Files/S3Data is a sub-folder. Some of the sub-folders I have are S3Data/employee_test or S3Data/Tables.

I might want to define access to this shortcut data such that one group of users can see the employee_test sub-folder, and another can only see the Tables sub-folder. With the latest addition to OneLake data access roles, I can easily do this.

I open the ‘Manage OneLake data access’ pane and select my role SubFolderTest.

Under the ‘Selected folders’ option, I can then browse S3Data and choose the employee_test sub-folder to grant access to as part of this role. Any of the sub-folders can be selected, and I can further expand the folders to grant access to additional items. Once I make my selections I can save the role.

By combining this feature with lakehouse schemas, you can now create a single shortcut to data and manage security for hundreds or thousands of different users with ease.

Securing shortcut sub-folders with OneLake data access roles is available now in public preview. Try it out and leave a comment below with any questions or feedback.

Next steps

Get started with OneLake data access roles.

Learn more about security in OneLake.

Related blog posts

Define security on folders within a shortcut using OneLake data access roles

Blog's featured image

Gain even more trust and compliance with OneLake diagnostics immutability (Generally Available)
January 12, 2026 by Tom Peplow

In October 2025, we introduced OneLake diagnostics—a powerful capability that helps teams “answer who accessed what, when, and how” across your Fabric Lakehouse environment. OneLake diagnostics streams JSON-based activity logs into a Lakehouse you choose, enabling rich analysis, governance, and compliance workflows. A powerful capability that helps teams “answer who accessed what, when, and how” … Continue reading “Gain even more trust and compliance with OneLake diagnostics immutability (Generally Available)”

Read more
Blog's featured image

SQL Telemetry & Intelligence – How we built a Petabyte-scale Data Platform with Fabric
December 16, 2025 by Raki Rahman

Building a Petabyte-scale Data Platform with Fabric and SQL Telemetry and Intelligence Engineering team.

Read more