OneLake security – updates and news
It’s been almost 3 months since we announced OneLake security at FabCon 2025 in Las Vegas, and while the interest has not slowed down, we’ve also been working behind the scenes to improve the feature and address your feedback. In this blog post, we’ll go through some of the latest updates on OneLake security including further support for OneLake shortcuts, improved RLS authoring, and updated permissions to manage OneLake security.
Deeper support for OneLake shortcuts
When we first announced OneLake security, there was a limitation with shortcuts and Spark notebooks. Many of you highlighted this as a key scenario for your architecture, and we released shortcut support for Spark back in May.
Now, we are updating the behavior around shortcut creation. Users can create shortcuts to tables where they have limited access due to RLS and CLS. This allows downstream data consumers to utilize OneLake’s single copy of data while leveraging RLS or CLS to keep data safe.
I published a blog post a few weeks ago that outlined some of the common use cases with OneLake security and shortcuts, and I highly recommend taking a look at that to see how you can combine shortcuts and OneLake security together.
Improved RLS authoring
Row-level security (RLS) is a key feature for keeping sensitive data secure. RLS has overwhelmingly been the most used feature of OneLake security. To improve the RLS authoring experience, we’re excited to announce that auto-complete for column names will be available in early July.
With auto-complete, you can simply begin typing in the RLS editor and it will autofill the first part of the statement while recommending column names based on the table’s schema.

Change in permissions to manage OneLake security
At launch, OneLake security let any user with Write access view and edit OneLake security roles. This meant that Admins, Members, and even Contributors could all manage OneLake security. Based on your feedback, we are making a change to the necessary permissions so that Reshare and Write permissions are both required. This means that only Admins and Members will be able to edit the OneLake security roles.
Editing security is a privileged capability, and this permissions change aligns with the intentions of the Reshare permission in governing what Fabric items a user can see.
This change will start to be rolled out to our early access users in July and should complete by mid-August. To avoid any impacts on your existing workflows, make sure that the users or principals managing your OneLake security roles have the required permissions.
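One way to check for that impact ahead of the rollout is to compare the launch rule (Write) with the new rule (Write and Reshare) for each principal. This is an added example, not code from the original post or from Fabric. The principals are constructed sample data, and the Viewer mapping and the idea that an explicit item-level Reshare grant counts toward the requirement are assumptions.

```python
# Added example: audit who keeps the ability to manage OneLake security roles.
# Admin/Member/Contributor mappings follow the post; the Viewer mapping and the
# "item_grants" field (explicit item-level grants) are assumptions.
ROLE_PERMISSIONS = {
    "Admin": {"Read", "Write", "Reshare"},
    "Member": {"Read", "Write", "Reshare"},
    "Contributor": {"Read", "Write"},
    "Viewer": {"Read"},
}

OLD_REQUIRED = {"Write"}             # rule at launch
NEW_REQUIRED = {"Write", "Reshare"}  # rule after the rollout


def effective_permissions(assignment):
    """Union of workspace-role permissions and any explicit item grants."""
    perms = set(ROLE_PERMISSIONS.get(assignment.get("role"), set()))
    perms |= set(assignment.get("item_grants", ()))
    return perms


def audit(assignments):
    """Sort principals into retains / loses / never_had management access."""
    report = {"retains": [], "loses": [], "never_had": []}
    for a in assignments:
        perms = effective_permissions(a)
        if not OLD_REQUIRED <= perms:
            bucket = "never_had"   # could not manage roles even at launch
        elif NEW_REQUIRED <= perms:
            bucket = "retains"     # satisfies both the old and the new rule
        else:
            bucket = "loses"       # Write only: affected by the change
        report[bucket].append(a["principal"])
    return report


# Constructed sample data, not exported from a real tenant.
SAMPLE = [
    {"principal": "alice@contoso.example", "role": "Admin"},
    {"principal": "bob@contoso.example", "role": "Member"},
    {"principal": "sp-etl-pipeline", "role": "Contributor"},
    {"principal": "carol@contoso.example", "role": "Contributor",
     "item_grants": ["Reshare"]},
    {"principal": "dave@contoso.example", "role": "Viewer"},
]

if __name__ == "__main__":
    for bucket, principals in audit(SAMPLE).items():
        print(f"{bucket}: {', '.join(principals) or '-'}")
```

Principals in the `loses` bucket are the ones whose automation or workflows would stop being able to edit OneLake security roles once the change reaches the workspace.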
More detailed OneLake security documentation
The documentation for OneLake security has now been updated with more detailed steps and examples for getting started. We’re placing an increased focus on making incremental documentation updates, so stay informed on the latest improvements and changes.
Sign up for OneLake security!
OneLake security is still in early access, but you can sign up to get your workspaces enabled at OneLake security (Preview).