Manage OneLake security for Mirrored Databases (Preview)
OneLake security now supports Mirrored Databases in Microsoft Fabric with the ability to define OneLake data access roles on all Mirrored item types. This update brings granular, role-based access control to data replicated into OneLake from transactional systems, extending the OneLake security model beyond lakehouses and enabling secure reuse of mirrored data across the organization.
Mirroring in Fabric is a low-cost and low-latency solution to bring data from various systems together into a single analytics platform. You can continuously replicate your existing data estate directly into Fabric’s OneLake from a variety of Azure databases and external data sources. Until now, access to mirrored data in OneLake was enforced at a coarse level, limiting scenarios where teams needed access to only specific replicated tables. With this update, customers can define data access roles directly on Mirrored items, allowing access to be granted at the table or folder level and enforced consistently at the OneLake layer.
This release supports all Mirrored item types in Fabric. Once enabled on a Mirrored artifact, OneLake data access roles control who can read replicated data stored in OneLake, regardless of how that data is consumed. Security is evaluated as data is accessed, ensuring that users only see the data they are authorized to access. Shortcuts created to mirrored data automatically respect the security defined on the source Mirrored item, making it safe to share mirrored data broadly without duplicating or re-securing it.
Managing OneLake security for Mirrored items follows the same familiar experience used across other OneLake-backed workloads. From the Mirrored item experience in Fabric, users can enable OneLake data access roles and define roles that grant access to specific tables or folders, then assign users or groups to those roles. This opt-in experience helps ensure a smooth transition for existing mirrored workloads while bringing them into the OneLake security model.
By attaching security directly to the data in OneLake, this update significantly improves reuse and collaboration scenarios. Teams can mirror data once, define fine-grained access controls at the source, and allow other teams to create shortcuts to only the data they are permitted to see. This reduces data duplication, simplifies governance, and ensures consistent enforcement as data flows through Fabric.
To learn more about OneLake data access roles and the underlying security model, visit the OneLake security documentation on Microsoft Learn.
