By default, Direct Lake storage mode accesses data in a Microsoft Fabric lakehouse or warehouse by using single sign-on (SSO). With SSO, the credentials of the user interacting with the Power BI report (or XMLA client tool) must have permission to query the underlying lakehouse or warehouse.However, it's possible to use stored credentials, in which case the dataset owner can disable SSO. That means end users don't require permission to query the underlying lakehouse or warehouse, and data security can be set up in the Power BI dataset. Direct Lake datasets can implement dataset data security, like row-level security (RLS) and object-level security (OLS).