Microsoft Fabric Updates Blog

Announcing: Column-Level & Row-Level Security for Fabric Warehouse & SQL Endpoint

We are excited to announce the availability of Column-Level and Row-Level Security in Fabric Warehouse & SQL Endpoint in Public preview in all regions!

In today’s data-driven world, organizations are constantly collecting vast amounts of sensitive information that fuels their operations, decision-making processes, and competitive edge. While data accessibility is essential for business success, ensuring the confidentiality, integrity, and privacy of this information is equally critical. Enter Column-Level and Row-Level Security, two powerful data security strategies that tackle exactly these issues for your organization.

Column-Level security

Column-level security simplifies the design and coding of security in your application, allowing you to restrict column access to protect sensitive data. For example, ensuring that specific users can access only certain columns of a table pertinent to their department.
Access restrictions are managed within the Warehouse, ensuring that every time someone tries to access data from any part of the system, these restrictions are enforced. This approach enhances security by minimizing the potential weaknesses in your overall security system. In addition, column-level security also eliminates the need for introducing views to filter out columns for imposing access restrictions on the users.

Row-Level security

Row-Level Security enables you to use user accounts to control access to rows in a Warehouse or SQL Endpoint table. 

Row-Level Security (RLS) simplifies the design and coding of security in your application. RLS helps you implement restrictions on data row access. For example, you can ensure that workers access only those data rows that are pertinent to their department. Another example is to restrict customers’ data access to only the data relevant to their company.
The access rules are kept in the database, not in a different part of the application. The database enforces these rules whenever anyone tries to access data from any part of the system. This makes your security stronger and more dependable because it narrows down potential vulnerabilities in your security setup.

Implement RLS by using the CREATE SECURITY POLICY Transact-SQL statement, and predicates created as inline table-valued functions.

In Conclusion


We are very happy to announce the availability of Column-Level Security (CLS) and Row-Level Security (RLS) in Public Preview for Fabric Warehouse & SQL Endpoint. This will empower customers with precise control over their data access. Can’t wait to get started? Make sure you read up on the Documentation (RLS & CLS)


Related blog posts

Announcing: Column-Level & Row-Level Security for Fabric Warehouse & SQL Endpoint

June 21, 2024 by Marc Bushong

Developing ETLs/ELTs can be a complex process when you add in business logic, large amounts of data, and the high volume of table data that needs to be moved from source to target. This is especially true in analytical workloads involving relational data when there is a need to either fully reload a table or incrementally update a table. Traditionally this is easily completed in a flavor of SQL (or name your favorite relational database). But a question is, how can we execute a mature, dynamic, and scalable ETL/ELT utilizing T-SQL with Microsoft Fabric? The answer is with Fabric Pipelines and Data Warehouse.

May 31, 2024 by Dandan Zhang

As more and more enterprises store and analyze data on the cloud, the need for securing sensitive data has become paramount. Microsoft Fabric offers security at different levels – for instance, access control using workspace roles/permissions and granular security at the data layer. In addition to these, Network security provides a critical level of isolation, … Continue reading “Announcing General Availability of Fabric Private Links, Trusted Workspace Access, and Managed Private Endpoints”