Please enter your information to subscribe to the Microsoft Fabric Blog.

Thanks for subscribing to the Microsoft Fabric Blog. You’ll receive email notifications when we publish new posts.

Microsoft Fabric Updates Blog

  1. Updates
  2. All

Define security on folders within a shortcut using OneLake data access roles

We’re excited to introduce a highly-requested feature that enhances your experience with OneLake: the ability to define security settings on folders within a shortcut! When a shortcut is created in OneLake it references a data lake path. This can be thought of as the root of the shortcut. There can be one or more additional folder paths within that shortcut, which are the sub-folders. When OneLake data access roles was released, security could only be defined on the shortcut root itself. However, with this new release you can define security on any sub-folder within the shortcut root. Let’s look at an example of how this simplifies security management.

Security on folders in action

I have an AWS S3 bucket called s3://contoso-outdoors that I created a shortcut to. Within this bucket are additional folders each containing a table. The shortcut on OneLake now refers to this location as Files/S3Data. Each of the tables within Files/S3Data is a sub-folder. Some of the sub-folders I have are S3Data/employee_test or S3Data/Tables.

I might want to define access to this shortcut data such that one group of users can see the employee_test sub-folder, and another can only see the Tables sub-folder. With the latest addition to OneLake data access roles, I can easily do this.

I open the ‘Manage OneLake data access’ pane and select my role SubFolderTest.

Under the ‘Selected folders’ option, I can then browse S3Data and choose the employee_test sub-folder to grant access to as part of this role. Any of the sub-folders can be selected, and I can further expand the folders to grant access to additional items. Once I make my selections I can save the role.

By combining this feature with lakehouse schemas, you can now create a single shortcut to data and manage security for hundreds or thousands of different users with ease.

Securing shortcut sub-folders with OneLake data access roles is available now in public preview. Try it out and leave a comment below with any questions or feedback.

Next steps

Get started with OneLake data access roles.

Learn more about security in OneLake.

Related blog posts

Define security on folders within a shortcut using OneLake data access roles

Blog's featured image

The future of data security is interoperability: a technical look at OneLake security
February 5, 2026 by Aaron Merrill

Enterprises have never had more ways to store and analyze data. As data spreads across clouds, formats, and analytics engines, security policies tend to fragment along the same lines: each system brings its own model, its own controls, and its own blind spots. The result is a patchwork of inconsistent enforcement, duplicated effort, and higher risk. Yet … Continue reading “The future of data security is interoperability: a technical look at OneLake security”

Read more
Blog's featured image

Microsoft OneLake and Snowflake interoperability (Generally Available)
February 3, 2026 by Arun Ulagaratchagan

Data teams today are under extraordinary pressure. Expectations around analytics and AI have never been higher, yet enterprise data continues to live across a patchwork of systems, tools, and platforms. The result is friction, duplication, and complexity, making it harder for data teams to provide a unified, real-time view of their business. Microsoft and Snowflake … Continue reading “Microsoft OneLake and Snowflake interoperability (Generally Available)”

Read more