Announcing permission model changes for OneLake events in Fabric Real-Time Hub
We are excited to announce the latest update to our permission model for OneLake events in the Fabric Real-Time Hub.
Previously, users with the ReadAll permission, such as workspace admins, members, and contributors, could subscribe to OneLake events for items like lakehouses, warehouses, SQL databases, mirrored databases, and KQL databases. To provide more granular control, we have recently launched a new permission called SubscribeOneLakeEvents. This reduces the access level needed on an item to consume OneLake events in Real-Time Hub.
Going forward, users with the new SubscribeOneLakeEvents permission will be able to subscribe to OneLake events. This permission will automatically be available to users in the workspace admin, member, and contributor roles. It can also be granted to viewers and other users (who may not have workspace roles) while sharing the item.
Users who have subscribed to OneLake events and created event streams or Data Activator items in the past should not experience any disruption, as they were automatically granted the SubscribeOneLakeEvents permission.
Please note that the sharing dialog for items does not show the option to subscribe to OneLake events. Permission to subscribe to OneLake events is granted along with ReadAll permission. This is a temporary limitation that will be removed in future releases.
Next steps
Get started with creating streams for OneLake events by reading Get OneLake events in Fabric Real-Time hub. Read about Roles in workspaces in Microsoft Fabric and Share items in Microsoft Fabric. Submit your feedback on Fabric Ideas and join the conversation on the Fabric Community.
