How do you manage access control lists (ACLs) in OneLake?

OneLake uses access control lists attached to folders and datasets to manage who can view or modify data. By assigning read and write permissions to specific users or groups on those resources, you implement precise access rights. Following the least-privilege principle means granting only the minimum permissions each user needs to do their job, reducing risk. Keeping an audit trail of permission changes and data-access events helps you verify compliance and detect unusual activity. This approach is preferable because ACLs are explicit and flexible, allowing both read and write rights as needed, and they can be adjusted by authorized admins. They aren’t automatically fixed, they aren’t limited to read-only, and they aren’t deprecated in favor of a single, blanket role model—RBAC and ACLs can work together to provide both broad and fine-grained access control.