diff --git a/Security/LakehousePermissions.md b/Security/LakehousePermissions.md new file mode 100644 index 0000000..cd8142a --- /dev/null +++ b/Security/LakehousePermissions.md @@ -0,0 +1,91 @@ +# Lakehouse: Security \& Governance + +Costa Rica + +[![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/) +[brown9804](https://github.com/brown9804) + +Last updated: 2025-05-08 + +------------------------------------------ + +
+List of References (Click to expand) + +- [Workspace roles in Lakehouse](https://learn.microsoft.com/en-us/fabric/data-engineering/workspace-roles-lakehouse) +- [How lakehouse sharing works](https://learn.microsoft.com/en-us/fabric/data-engineering/lakehouse-sharing) + +
+ +
+Table of Contents (Click to expand) + +- [Read all SQL endpoint data](#read-all-sql-endpoint-data) +- [Lakehouse Semantic Model](#lakehouse-semantic-model) +- [SQL Analytics Endpoint](#sql-analytics-endpoint) + +
+ +> `Lakehouse`is a `specific type of data architecture within Microsoft Fabric`that combines the features of data lakes and data warehouses. `It allows for the storage and processing of both structured and unstructured data`, providing the flexibility of a data lake with the performance and management features of a data warehouse.

+ +
+ image +
+ +| **Permission** | **Definition** | **Use Cases** | +|-----------------------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Read all SQL endpoint data | This permission allows access to SQL-based data endpoints in Microsoft Fabric. | - `Power BI`: Connecting to semantic models or datasets using DirectQuery or Import mode.
- `Data Factory Pipelines`: Reading from or writing to SQL endpoints as part of ETL/ELT processes.
- `OneLake / Gen2 Data Lake`: SQL endpoints can expose structured views over data stored in the lake.
- `Data Activator / Agents`: Agents may use SQL endpoints to monitor or trigger actions based on data changes.
- `Excel / Office Integration`: Connecting Excel to SQL endpoints for live data refresh and pivot analysis.
- `Third-party BI Tools`: Using Tableau, Qlik, etc., to connect to SQL endpoints.
- `Custom Applications`: Internal apps querying SQL endpoints for real-time dashboards. | +| Read all Apache Spark and subscribe to events | This permission relates to Apache Spark workloads, which are more code- and compute-intensive. | - `Notebooks`: Running PySpark, Scala, or SparkSQL code for data exploration and transformation.
- `Machine Learning`: Training models using Spark MLlib or integrating with Azure ML.
- `Data Science Workloads`: Performing large-scale data analysis or feature engineering.
- `Copilot & Agents`: If they need to interact with Spark jobs or listen to Spark events (e.g., job completion).
- `Streaming Analytics`: Real-time data processing using Spark Structured Streaming.
- `Data Engineering Pipelines`: Complex transformations and joins across large datasets.
- `Event-Driven Automation`: Triggering workflows or alerts based on Spark job events.
- `Integration with Delta Lake`: Managing transactional data lakes with ACID guarantees. | + + + +## Read all SQL endpoint data + +> Permissions: +> +> - Read
+> - Read All
+> - Subscribe OneLake Events + +> Lakehouse Manage Permissions: + +image | + +image + +> When `Read all SQL endpoint data`: + +image + +> `Read` access is granted, you add more permissions. + +image + +## Lakehouse Semantic Model + +> Permissions: +> +> - Reshare
+> - Build
+> - Write + +image + +image + +## SQL Analytics Endpoint + +> Permissions: +> +> - Read
+> - Read Data
+> - Read All + +image + +image + +
+

Total Visitors

+ Visitor Count +
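Review bot: In the permissions table of the new Security/LakehousePermissions.md, the `Read all SQL endpoint data` row lists "`Data Factory Pipelines`: Reading from or writing to SQL endpoints" as a use case, which tells readers that a read permission also covers writes. Drop "or writing to", or name the permission the write path actually needs, and make the row's definition ("allows access to SQL-based data endpoints") say read access explicitly so the grant is not taken to be broader than it is. Smaller points in the same file: the `## Read all SQL endpoint data` section lists `Read`, `Read All` and `Subscribe OneLake Events` without saying which of them corresponds to the heading; the line "`Read` access is granted, you add more permissions." does not parse as written; there is a stray `|` between the first two images under "Lakehouse Manage Permissions"; and the intro is missing spaces after the closing backticks in "`Lakehouse`is" and "Fabric`that".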
diff --git a/Security/README.md b/Security/README.md index fc9d44a..4187475 100644 --- a/Security/README.md +++ b/Security/README.md @@ -1,33 +1,17 @@ -# Security \& Governance +# Security \& Governance Overview Costa Rica [![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/) [brown9804](https://github.com/brown9804) -Last updated: 2025-02-03 +Last updated: 2025-05-08 ------------------------------------------ - -## Lakehouse Permissions - -> `Lakehouse `is a `specific type of data architecture within Microsoft Fabric `that combines the features of data lakes and data warehouses. `It allows for the storage and processing of both structured and unstructured data`, providing the flexibility of a data lake with the performance and management features of a data warehouse.

- -
- image -
- -| **Permission** | **Definition** | **Use Cases** | -|-----------------------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Read all SQL endpoint data | This permission allows access to SQL-based data endpoints in Microsoft Fabric. | - `Power BI`: Connecting to semantic models or datasets using DirectQuery or Import mode.
- `Data Factory Pipelines`: Reading from or writing to SQL endpoints as part of ETL/ELT processes.
- `OneLake / Gen2 Data Lake`: SQL endpoints can expose structured views over data stored in the lake.
- `Data Activator / Agents`: Agents may use SQL endpoints to monitor or trigger actions based on data changes.
- `Excel / Office Integration`: Connecting Excel to SQL endpoints for live data refresh and pivot analysis.
- `Third-party BI Tools`: Using Tableau, Qlik, etc., to connect to SQL endpoints.
- `Custom Applications`: Internal apps querying SQL endpoints for real-time dashboards. | -| Read all Apache Spark and subscribe to events | This permission relates to Apache Spark workloads, which are more code- and compute-intensive. | - `Notebooks`: Running PySpark, Scala, or SparkSQL code for data exploration and transformation.
- `Machine Learning`: Training models using Spark MLlib or integrating with Azure ML.
- `Data Science Workloads`: Performing large-scale data analysis or feature engineering.
- `Copilot & Agents`: If they need to interact with Spark jobs or listen to Spark events (e.g., job completion).
- `Streaming Analytics`: Real-time data processing using Spark Structured Streaming.
- `Data Engineering Pipelines`: Complex transformations and joins across large datasets.
- `Event-Driven Automation`: Triggering workflows or alerts based on Spark job events.
- `Integration with Delta Lake`: Managing transactional data lakes with ACID guarantees. | - -https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82 - +- [Lakehouse Permissions](./LakehousePermissions.md): Lakehouse, Semantic Model, SQL Endpoint

Total Visitors

Visitor Count
-
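Review bot: The section removed from Security/README.md ended with a bare `https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82` link, and that URL does not appear in the visible lines added to LakehousePermissions.md, so the attachment is lost in the move unless that is intended; carry it over or note the removal in the commit message. In the new index entry, "Lakehouse, Semantic Model, SQL Endpoint" should match the target page's headings, which read "Lakehouse Semantic Model" and "SQL Analytics Endpoint".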