OneLake Security: A Deep Dive

Security is no longer just about locking down data—it’s about enabling safe, scalable, and governed access across your entire analytics platform. In this deep dive session, we’ll uncover how OneLake Security operates under the hood and show you what’s really happening when you secure data in Lakehouses, Semantic Models, and Warehouses within Microsoft Fabric.

We’ll start by contrasting the “before Fabric” world—where security was often fragmented and siloed—with the “after Fabric” approach, which unifies access through centralized roles, policy-driven controls, and consistent enforcement across all data experiences.

Expect a technical walkthrough of how OneLake handles access at multiple levels: from workspace roles and OneLake data access roles, to folder and table permissions, row-level filters, and column-level restrictions. We’ll go behind the scenes to show how these mechanisms are enforced internally—whether you're accessing the data via Spark in a Lakehouse, SQL in a Warehouse, or consuming it through a Semantic Model in Power BI.

You’ll also gain insight into how shortcuts behave across domains, how Fabric ensures isolation and inheritance, and what best practices to follow to maintain a secure and compliant data environment.

If you’re responsible for data security, architecture, or governance in Fabric, this session will arm you with both a conceptual understanding and a technical foundation to secure your analytics estate—end to end.

Understand OneLake Security internals: Learn how security is designed and enforced across Lakehouses, Warehouses, and Semantic Models in Microsoft Fabric. Apply unified access controls: Gain practical insight into roles, policies, row- and column-level security, and how access is governed across different data experiences. Adopt security best practices: Discover recommended patterns for securing, isolating, and managing access in a scalable and compliant Fabric analytics environment.