Session

You shall not pass! Designing access in Microsoft Fabric

Microsoft Fabric has been out there for a bit already and new features keep emerging almost constantly. Keeping up isn't a piece of cake, especially since it seems that there are (too) many options out there for securing data, aren't there?

As with all security topics, it requires some in-depth consideration to achieve the proper result. You need to protect your data from things such as accidental deletion, manipulation, unwanted resharing, and other big headaches. Developing an appropriate security plan requires you to be aware of all the options that Microsoft Fabric offers. And here is where you have to make your way through the labyrinth of different data restriction possibilities.

According to the "Microsoft Fabric security white paper", the multi-layer security model of Fabric offers workspace permissions, item permissions, and granular permissions for each Fabric engine. In this session, I aim to break this down into simple terms to spare you reading the entire paper (and all the linked content). You'll walk out with an overview of

- Workspace roles: Why it is a good idea to assign them to security groups or M365 groups.
- Item-level security: How to control access to individual Fabric items when users do not have access to a workspace, and why you should generally stay away from it.
- Securing the SQL Analytics endpoint: Applying object-level security, column-level security, row-level security, and dynamic data masking.

But wait, there's more! Currently in preview, OneLake data access roles apply role-based access control to data stored in OneLake, determining which folders users see when accessing the "lake view" of the data via the lakehouse UX, notebooks, or OneLake APIs.

That raises questions: Does this mean OneLake RBAC applies to Lakehouse Items only?! Does OneLake RBAC work together with Workspace roles? Can OneLake RBAC roles be combined with Lakehouse item permissions? What about SQL Analytics endpoints? Or Shortcuts?

It is apparent why permission assignment isn't anyone's favorite topic. However, hopefully after this session you'll find that the labyrinth of data restriction options no longer feels overwhelming. Knowing your way around this labyrinth gives you the confidence to apply access control in practice to keep all data in Fabric perfectly secure.

Marisol Steinau

Data Solution Architect

Tuttlingen, Germany
