web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
Your Invited to Keeping It Real with the Power Platform
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / How to enforce Row-Lev...
Copilot Studio
Unanswered

How to enforce Row-Level Security for Fabric Data Agent when connected directly to Lakehouse tables

(0) ShareShare
ReportReport
Posted on by RR-16041311-0

Hi Team,

I’m looking for help regarding Row‑Level Security (RLS) with Fabric Data Agent.

Scenario

  • We have created a Fabric Data Agent
  • The Data Agent is directly connected to Lakehouse tables
  • The Data Agent is NOT built on a semantic mode

Requirement

We need row-level security so that users only see the data they’re authorized to see (similar to how RLS works in Power BI)
Example: When a Sales Head logs in through a custom portal and queries the Fabric Data Agent, they should be able to see only the rows assigned to them as the Sales Head. We also have a master table that stores the Sales Head email IDs and their assignments.

Questions

  • Is RLS on Lakehouse tables expected to be enforced when accessed via Fabric Data Agent?
  • Is there any supported way to implement RLS for a Data Agent built directly on Lakehouse tables (without using a semantic model)?
Categories:
Autonomous agents
I have the same question (0)
  • AP-26031104-0 Profile Picture
    AP-26031104-0 Microsoft Employee on at

    Hi RR-16041311-0

    Thanks for outlining your scenario.

    Current Behavior

    RLS is not enforced when a Fabric Data Agent is connected directly to Lakehouse tables. RLS in Fabric currently works only through semantic models (Power BI datasets).

    1. Is RLS enforced via Data Agent on Lakehouse tables?

     No, there’s no automatic RLS enforcement in this setup.

    2. Is there a supported way without a semantic model?

     No, not natively supported today.

     Recommended Options


    • Use a Semantic Model (Recommended):

      Build a model on top of the Lakehouse and define RLS roles. This is the only secure, supported approach.

    • App-Level Filtering (Workaround):

      Filter data in your custom portal using the logged-in user’s email and mapping table.

      Requires strict handling to avoid security gaps.

    • SQL Views (Workaround):

      Create filtered views per user/group, but this is not true RLS.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Your Invited to Keeping It Real with the Power Platform

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Valantis Profile Picture

Valantis 611

#2
chiaraalina Profile Picture

chiaraalina 137 Super User 2026 Season 1

#3
Haque Profile Picture

Haque 133

Last 30 days Overall leaderboard

Featured topics

Announcing the "Microsoft Copilot Studio ❤️ MCP" lab
Block PII/PCI in Copilot Studio agent user prompt
Welcome to the Copilot Studio forum!

Product updates

Microsoft Power Platform Community release plans