From e707fa4bae10f07f28a4121bcbd9767edd68f847 Mon Sep 17 00:00:00 2001 From: Timna Brown <24630902+brown9804@users.noreply.github.com> Date: Thu, 8 May 2025 08:13:18 -0600 Subject: [PATCH 1/7] overview lakehouse permissions --- Security/README.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/Security/README.md b/Security/README.md index fc9d44a..4965f84 100644 --- a/Security/README.md +++ b/Security/README.md @@ -25,6 +25,50 @@ Last updated: 2025-02-03 https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82 +### Read all SQL endpoint data + +> Permissions: +> - Read
+> - Read All
+> - Subscribe OneLake Events + + +> Lakehouse Manage Permissions: + +image | + +image + +> When `Read all SQL endpoint data`: + +image + +> `Read` access is granted, you add more permissions. + +image + + +### Lakehouse Semantic Model + +> Permissions: +> - Reshare
+> - Build
+> - Write + +image + +image + +### SQL Analytics Endpoint + +> Permissions: +> - Read
+> - Read Data
+> - Read All + +image + +image

Total Visitors
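Review bot: In the added `### Read all SQL endpoint data` section of PATCH 1/7, the listed permissions (`Read`, `Read All`, `Subscribe OneLake Events`) do not obviously match the heading. The permission table already in this README has a separate row for "Read all Apache Spark and subscribe to events", and `Read Data` only appears under `### SQL Analytics Endpoint`. Please confirm which sharing option produces which permission set, then either retitle the section or add one sentence per section stating what the grantee can actually read. The line "> `Read` access is granted, you add more permissions." is also a fragment; if the intent is that `Read` is always granted and the others are optional additions, say so explicitly.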

From 9dfa20973bbcec4337077c120a53bbcb85977f18 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 8 May 2025 14:13:42 +0000 Subject: [PATCH 2/7] Update last modified date in Markdown files --- Security/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Security/README.md b/Security/README.md index 4965f84..faaa438 100644 --- a/Security/README.md +++ b/Security/README.md @@ -5,7 +5,7 @@ Costa Rica [![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/) [brown9804](https://github.com/brown9804) -Last updated: 2025-02-03 +Last updated: 2025-05-08 ------------------------------------------ From 70a09c7233898976528ec64e0f2ace9b39ff293b Mon Sep 17 00:00:00 2001 From: Timna Brown <24630902+brown9804@users.noreply.github.com> Date: Thu, 8 May 2025 08:16:34 -0600 Subject: [PATCH 3/7] overview simple since more to come --- Security/README.md | 62 ++-------------------------------------------- 1 file changed, 2 insertions(+), 60 deletions(-) diff --git a/Security/README.md b/Security/README.md index faaa438..f5aa0d3 100644 --- a/Security/README.md +++ b/Security/README.md @@ -1,4 +1,4 @@ -# Security \& Governance +# Security \& Governance Overview Costa Rica @@ -10,65 +10,7 @@ Last updated: 2025-05-08 ------------------------------------------ -## Lakehouse Permissions - -> `Lakehouse `is a `specific type of data architecture within Microsoft Fabric `that combines the features of data lakes and data warehouses. `It allows for the storage and processing of both structured and unstructured data`, providing the flexibility of a data lake with the performance and management features of a data warehouse.

- -
- image -
- -| **Permission** | **Definition** | **Use Cases** | -|-----------------------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Read all SQL endpoint data | This permission allows access to SQL-based data endpoints in Microsoft Fabric. | - `Power BI`: Connecting to semantic models or datasets using DirectQuery or Import mode.
- `Data Factory Pipelines`: Reading from or writing to SQL endpoints as part of ETL/ELT processes.
- `OneLake / Gen2 Data Lake`: SQL endpoints can expose structured views over data stored in the lake.
- `Data Activator / Agents`: Agents may use SQL endpoints to monitor or trigger actions based on data changes.
- `Excel / Office Integration`: Connecting Excel to SQL endpoints for live data refresh and pivot analysis.
- `Third-party BI Tools`: Using Tableau, Qlik, etc., to connect to SQL endpoints.
- `Custom Applications`: Internal apps querying SQL endpoints for real-time dashboards. | -| Read all Apache Spark and subscribe to events | This permission relates to Apache Spark workloads, which are more code- and compute-intensive. | - `Notebooks`: Running PySpark, Scala, or SparkSQL code for data exploration and transformation.
- `Machine Learning`: Training models using Spark MLlib or integrating with Azure ML.
- `Data Science Workloads`: Performing large-scale data analysis or feature engineering.
- `Copilot & Agents`: If they need to interact with Spark jobs or listen to Spark events (e.g., job completion).
- `Streaming Analytics`: Real-time data processing using Spark Structured Streaming.
- `Data Engineering Pipelines`: Complex transformations and joins across large datasets.
- `Event-Driven Automation`: Triggering workflows or alerts based on Spark job events.
- `Integration with Delta Lake`: Managing transactional data lakes with ACID guarantees. | - -https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82 - -### Read all SQL endpoint data - -> Permissions: -> - Read
-> - Read All
-> - Subscribe OneLake Events - - -> Lakehouse Manage Permissions: - -image | - -image - -> When `Read all SQL endpoint data`: - -image - -> `Read` access is granted, you add more permissions. - -image - - -### Lakehouse Semantic Model - -> Permissions: -> - Reshare
-> - Build
-> - Write - -image - -image - -### SQL Analytics Endpoint - -> Permissions: -> - Read
-> - Read Data
-> - Read All - -image - -image +- [Lakehouse Permissions](./LakehousePermissions.md): Lakehouse, Semantic Model, SQL Endpoint

Total Visitors
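Review bot: In PATCH 3/7 the added list item links to `./LakehousePermissions.md`, but this commit only deletes the Lakehouse section from `Security/README.md`; the target file is not created until PATCH 5/7 (`new file mode 100644`). At this commit and the next one the README points at a missing file and the permissions documentation is absent from the tree. Squash this change with 5/7, or create the new file in the same commit that removes the section.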

From 72b065f67fce9c626db9332640efc5598e0ff38c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 8 May 2025 14:16:55 +0000 Subject: [PATCH 4/7] Fix Markdown syntax issues --- Security/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/Security/README.md b/Security/README.md index f5aa0d3..4187475 100644 --- a/Security/README.md +++ b/Security/README.md @@ -9,11 +9,9 @@ Last updated: 2025-05-08 ------------------------------------------ - - [Lakehouse Permissions](./LakehousePermissions.md): Lakehouse, Semantic Model, SQL Endpoint

Total Visitors

Visitor Count
- From 9471d46fa892e5e137c4291c1ea7157634918b6d Mon Sep 17 00:00:00 2001 From: Timna Brown <24630902+brown9804@users.noreply.github.com> Date: Thu, 8 May 2025 08:19:38 -0600 Subject: [PATCH 5/7] alright overview in place --- Security/LakehousePermissions.md | 93 ++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 Security/LakehousePermissions.md diff --git a/Security/LakehousePermissions.md b/Security/LakehousePermissions.md new file mode 100644 index 0000000..ef3a550 --- /dev/null +++ b/Security/LakehousePermissions.md @@ -0,0 +1,93 @@ +# Lakehouse: Security \& Governance + +Costa Rica + +[![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/) +[brown9804](https://github.com/brown9804) + +Last updated: 2025-05-08 + +------------------------------------------ + +
+List of References (Click to expand) + +- [Workspace roles in Lakehouse](https://learn.microsoft.com/en-us/fabric/data-engineering/workspace-roles-lakehouse) +- [How lakehouse sharing works](https://learn.microsoft.com/en-us/fabric/data-engineering/lakehouse-sharing) + +
+ + +
+Table of Contents (Click to expand) + +- [Read all SQL endpoint data](#read-all-sql-endpoint-data) +- [Lakehouse Semantic Model](#lakehouse-semantic-model) +- [SQL Analytics Endpoint](#sql-analytics-endpoint) + +
+ + +> `Lakehouse `is a `specific type of data architecture within Microsoft Fabric `that combines the features of data lakes and data warehouses. `It allows for the storage and processing of both structured and unstructured data`, providing the flexibility of a data lake with the performance and management features of a data warehouse.

+ +
+ image +
+ +| **Permission** | **Definition** | **Use Cases** | +|-----------------------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Read all SQL endpoint data | This permission allows access to SQL-based data endpoints in Microsoft Fabric. | - `Power BI`: Connecting to semantic models or datasets using DirectQuery or Import mode.
- `Data Factory Pipelines`: Reading from or writing to SQL endpoints as part of ETL/ELT processes.
- `OneLake / Gen2 Data Lake`: SQL endpoints can expose structured views over data stored in the lake.
- `Data Activator / Agents`: Agents may use SQL endpoints to monitor or trigger actions based on data changes.
- `Excel / Office Integration`: Connecting Excel to SQL endpoints for live data refresh and pivot analysis.
- `Third-party BI Tools`: Using Tableau, Qlik, etc., to connect to SQL endpoints.
- `Custom Applications`: Internal apps querying SQL endpoints for real-time dashboards. | +| Read all Apache Spark and subscribe to events | This permission relates to Apache Spark workloads, which are more code- and compute-intensive. | - `Notebooks`: Running PySpark, Scala, or SparkSQL code for data exploration and transformation.
- `Machine Learning`: Training models using Spark MLlib or integrating with Azure ML.
- `Data Science Workloads`: Performing large-scale data analysis or feature engineering.
- `Copilot & Agents`: If they need to interact with Spark jobs or listen to Spark events (e.g., job completion).
- `Streaming Analytics`: Real-time data processing using Spark Structured Streaming.
- `Data Engineering Pipelines`: Complex transformations and joins across large datasets.
- `Event-Driven Automation`: Triggering workflows or alerts based on Spark job events.
- `Integration with Delta Lake`: Managing transactional data lakes with ACID guarantees. | + +https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82 + +### Read all SQL endpoint data + +> Permissions: +> - Read
+> - Read All
+> - Subscribe OneLake Events + + +> Lakehouse Manage Permissions: + +image | + +image + +> When `Read all SQL endpoint data`: + +image + +> `Read` access is granted, you add more permissions. + +image + + +### Lakehouse Semantic Model + +> Permissions: +> - Reshare
+> - Build
+> - Write + +image + +image + +### SQL Analytics Endpoint + +> Permissions: +> - Read
+> - Read Data
+> - Read All + +image + +image + +
+

Total Visitors

+ Visitor Count +
+ From 587137d85485b234f7e17f383c89d3d4a03a54c2 Mon Sep 17 00:00:00 2001 From: Timna Brown <24630902+brown9804@users.noreply.github.com> Date: Thu, 8 May 2025 08:21:06 -0600 Subject: [PATCH 6/7] title size --- Security/LakehousePermissions.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Security/LakehousePermissions.md b/Security/LakehousePermissions.md index ef3a550..cf6be8b 100644 --- a/Security/LakehousePermissions.md +++ b/Security/LakehousePermissions.md @@ -41,7 +41,7 @@ Last updated: 2025-05-08 https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82 -### Read all SQL endpoint data +## Read all SQL endpoint data > Permissions: > - Read
@@ -64,7 +64,7 @@ https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82 image -### Lakehouse Semantic Model +## Lakehouse Semantic Model > Permissions: > - Reshare
@@ -75,7 +75,7 @@ https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82 image -### SQL Analytics Endpoint +## SQL Analytics Endpoint > Permissions: > - Read
From 950ae1252deb186652664e36059511466f245608 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 8 May 2025 14:21:24 +0000 Subject: [PATCH 7/7] Fix Markdown syntax issues --- Security/LakehousePermissions.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/Security/LakehousePermissions.md b/Security/LakehousePermissions.md index cf6be8b..cd8142a 100644 --- a/Security/LakehousePermissions.md +++ b/Security/LakehousePermissions.md @@ -17,7 +17,6 @@ Last updated: 2025-05-08 -
Table of Contents (Click to expand) @@ -27,8 +26,7 @@ Last updated: 2025-05-08
- -> `Lakehouse `is a `specific type of data architecture within Microsoft Fabric `that combines the features of data lakes and data warehouses. `It allows for the storage and processing of both structured and unstructured data`, providing the flexibility of a data lake with the performance and management features of a data warehouse.

+> `Lakehouse`is a `specific type of data architecture within Microsoft Fabric`that combines the features of data lakes and data warehouses. `It allows for the storage and processing of both structured and unstructured data`, providing the flexibility of a data lake with the performance and management features of a data warehouse.

image @@ -39,16 +37,16 @@ Last updated: 2025-05-08 | Read all SQL endpoint data | This permission allows access to SQL-based data endpoints in Microsoft Fabric. | - `Power BI`: Connecting to semantic models or datasets using DirectQuery or Import mode.
- `Data Factory Pipelines`: Reading from or writing to SQL endpoints as part of ETL/ELT processes.
- `OneLake / Gen2 Data Lake`: SQL endpoints can expose structured views over data stored in the lake.
- `Data Activator / Agents`: Agents may use SQL endpoints to monitor or trigger actions based on data changes.
- `Excel / Office Integration`: Connecting Excel to SQL endpoints for live data refresh and pivot analysis.
- `Third-party BI Tools`: Using Tableau, Qlik, etc., to connect to SQL endpoints.
- `Custom Applications`: Internal apps querying SQL endpoints for real-time dashboards. | | Read all Apache Spark and subscribe to events | This permission relates to Apache Spark workloads, which are more code- and compute-intensive. | - `Notebooks`: Running PySpark, Scala, or SparkSQL code for data exploration and transformation.
- `Machine Learning`: Training models using Spark MLlib or integrating with Azure ML.
- `Data Science Workloads`: Performing large-scale data analysis or feature engineering.
- `Copilot & Agents`: If they need to interact with Spark jobs or listen to Spark events (e.g., job completion).
- `Streaming Analytics`: Real-time data processing using Spark Structured Streaming.
- `Data Engineering Pipelines`: Complex transformations and joins across large datasets.
- `Event-Driven Automation`: Triggering workflows or alerts based on Spark job events.
- `Integration with Delta Lake`: Managing transactional data lakes with ACID guarantees. | -https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82 + ## Read all SQL endpoint data > Permissions: +> > - Read
> - Read All
> - Subscribe OneLake Events - > Lakehouse Manage Permissions: image | @@ -63,10 +61,10 @@ https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82 image - ## Lakehouse Semantic Model > Permissions: +> > - Reshare
> - Build
> - Write @@ -78,6 +76,7 @@ https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82 ## SQL Analytics Endpoint > Permissions: +> > - Read
> - Read Data
> - Read All @@ -90,4 +89,3 @@ https://github.com/user-attachments/assets/2974bdee-4b02-4750-ba6c-b745215e0f82

Total Visitors

Visitor Count
-
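Review bot: In PATCH 5/7 (new `Security/LakehousePermissions.md`), the `Read all SQL endpoint data` table row lists "`Data Factory Pipelines`: Reading from or writing to SQL endpoints" as a use case for a read permission. In a permissions reference that wording suggests the grant allows writes; drop "or writing to", or state which separate permission a write path requires. The second row's definition ("relates to Apache Spark workloads, which are more code- and compute-intensive") describes the workload rather than the access granted, so it should say what data the grantee can read with it.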
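Review bot: In PATCH 7/7, second hunk (`@@ -27,8 +26,7 @@`), the rewritten blockquote removes the space inside the code spans without adding one after them, so the text now reads `Lakehouse`is and `...within Microsoft Fabric`that, and the words run together when rendered. Keep the code span tight but put a space after the closing backtick. The third hunk also appears to replace the `https://github.com/user-attachments/assets/...` line with an empty line; if dropping that asset link is intended, it belongs in a content commit rather than one titled "Fix Markdown syntax issues".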