Solved: OneLake Security (OneSecurity) - RLS?

frithjof_v · ‎01-14-2024

Hi,

I am interested to know more about the OneLake Security updates (which are estimated to be released in Q2 2024).

My understanding so far, is that the main principle of OneSecurity will be to apply security permissions directly on the files/folders/tables in OneLake, and that these security permissions will apply everywhere these files and tables are being used (no matter which workspace, artifact or compute engine).

Will OneSecurity also include Row Level Security, or will Row Level Security features only be possible to define in the SQL engine and PBI semantic model?

This will be interesting to know, because we are looking into best practices for sharing data in our organization 😃

Thank you!

v-cboorla-msft · ‎01-16-2024

Hi @frithjof_v

Thanks for using Microsoft Fabric Community.

Your understanding of OneSecurity is correct. It aims to simplify data security in OneLake by applying permissions directly to files, folders, and tables, ensuring consistent access control across workspaces, artifacts, and compute engines.

No, OneSecurity won't directly include built-in Row Level Security (RLS) functionality. Instead, it'll focus on broader access control for files, folders, and tables in OneLake. Think of it as a gatekeeper, deciding who can enter the data room. RLS, on the other hand, acts like a security guard within the room itself. It uses user attributes and data content to determine which specific rows each visitor can see. This granular filtering ensures sensitive information remains protected even within authorized datasets.

OneSecurity focuses on who can access data, while existing RLS solutions determine what data they can see. These approaches complement each other, with OneSecurity simplifying overall access control and RLS solutions providing fine-grained data filtering based on user attributes.

Microsoft's plans for integration between OneSecurity and RLS are still evolving. I highly recommend staying updated with their official announcements, documentation, and developer resources to learn about the latest developments and best practices.

For more information related to updates please refer: Link

I hope this information helps. Please do let us know if you have any further questions.

Thanks

View solution in original post

v-cboorla-msft · ‎01-16-2024

Hi @frithjof_v

Thanks for using Microsoft Fabric Community.

Your understanding of OneSecurity is correct. It aims to simplify data security in OneLake by applying permissions directly to files, folders, and tables, ensuring consistent access control across workspaces, artifacts, and compute engines.

No, OneSecurity won't directly include built-in Row Level Security (RLS) functionality. Instead, it'll focus on broader access control for files, folders, and tables in OneLake. Think of it as a gatekeeper, deciding who can enter the data room. RLS, on the other hand, acts like a security guard within the room itself. It uses user attributes and data content to determine which specific rows each visitor can see. This granular filtering ensures sensitive information remains protected even within authorized datasets.

OneSecurity focuses on who can access data, while existing RLS solutions determine what data they can see. These approaches complement each other, with OneSecurity simplifying overall access control and RLS solutions providing fine-grained data filtering based on user attributes.

Microsoft's plans for integration between OneSecurity and RLS are still evolving. I highly recommend staying updated with their official announcements, documentation, and developer resources to learn about the latest developments and best practices.

For more information related to updates please refer: Link

I hope this information helps. Please do let us know if you have any further questions.

Thanks