diff --git a/Security/README.md b/Security/README.md index 4187475..f58672d 100644 --- a/Security/README.md +++ b/Security/README.md @@ -10,6 +10,8 @@ Last updated: 2025-05-08 ------------------------------------------ - [Lakehouse Permissions](./LakehousePermissions.md): Lakehouse, Semantic Model, SQL Endpoint +- [Warehouse Permissions](./WarehousePermissions.md): Warehouse, Semantic Model +- [Semantic Models Permissions](./SemanticModelsPermissions.md): Semantic Models

Total Visitors

diff --git a/Security/SemanticModelsPermissions.md b/Security/SemanticModelsPermissions.md new file mode 100644 index 0000000..ffa72bf --- /dev/null +++ b/Security/SemanticModelsPermissions.md @@ -0,0 +1,45 @@ +# Semantic Models: Security \& Governance + +Costa Rica + +[![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/) +[brown9804](https://github.com/brown9804) + +Last updated: 2025-05-08 + +------------------------------------------ + +
+List of References (Click to expand) + +- [OneLake data access control model (preview)](https://learn.microsoft.com/en-us/fabric/onelake/security/data-access-control-model) +- [Permission model](https://learn.microsoft.com/en-us/fabric/security/permission-model) +- [Manage Direct Lake semantic models](https://learn.microsoft.com/en-us/fabric/fundamentals/direct-lake-manage) + +
+ +> Semantic Model is a `curated layer` that provides a `business-friendly view of data`. It abstracts complex data structures into understandable entities, measures, and relationships, enabling users to create reports and perform analysis without needing to write complex queries. E.g `custom data view`. + +
+ + image + +
+ +
+ + image + +
+ +| **Permission** | **Definition** | **Use Cases** | +|----------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------| +| Allow recipients to modify this dataset | Grants users the ability to make changes to the semantic model, including schema and data updates. | - `Data Modeling`: Adjusting measures, columns, or relationships.
- `Collaboration`: Co-authoring datasets with team members. | +| Allow recipients to share this semantic model | Lets users share the semantic model with others. | - `Team Access`: Granting access to additional users.
- `Self-service BI`: Empowering users to manage access without admin intervention. | +| Allow recipients to build content with the data associated with this semantic model | Enables users to create reports, dashboards, and other content using the semantic model. | - `Power BI Reports`: Building visuals and dashboards.
- `Embedded Analytics`: Using the model in apps or portals.
- `Ad hoc Analysis`: Exploring data. | +| Send an email notification | Sends an email to notify the recipient about the access granted. | - `Communication`: Ensuring users are informed of their new access.
- `Onboarding`: Helping users get started with the semantic model. | + +
+

Total Visitors

+ Visitor Count +
diff --git a/Security/WarehousePermissions.md b/Security/WarehousePermissions.md new file mode 100644 index 0000000..db33ceb --- /dev/null +++ b/Security/WarehousePermissions.md @@ -0,0 +1,131 @@ +# Warehouse: Security \& Governance + +Costa Rica + +[![GitHub](https://img.shields.io/badge/--181717?logo=github&logoColor=ffffff)](https://github.com/) +[brown9804](https://github.com/brown9804) + +Last updated: 2025-05-08 + +------------------------------------------ + +
+List of References (Click to expand) + +- [Security for data warehousing in Microsoft Fabric](https://learn.microsoft.com/en-us/fabric/data-warehouse/security) +- [Permission model](https://learn.microsoft.com/en-us/fabric/security/permission-model) +- [Share your data and manage permissions](https://learn.microsoft.com/en-us/fabric/data-warehouse/share-warehouse-manage-permissions) + +
+ +
+Table of Contents (Click to expand) + +- [Read all data using SQL](#read-all-data-using-sql) +- [Read all OneLake data and subscribe to events](#read-all-onelake-data-and-subscribe-to-events) +- [Build reports on the default semantic models](#build-reports-on-the-default-semantic-models) +- [Monitor queries](#monitor-queries) +- [Audit queries](#audit-queries) +- [Share granted permissions](#share-granted-permissions) + +
+ +> `Data Warehouse` is a centralized repository for `storing large volumes of structured data`. It is optimized for querying and analysis, providing high-performance SQL-based analytics. + +
+ + image + +
+ +| **Permission** | **Definition** | **Use Cases** | +|-----------------------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Read all data using SQL (`ReadData`) | Allows querying all data in the warehouse using SQL. | - `Power BI` or `Excel`: Running SQL queries for reporting.
- `Data Factory`: Using SQL queries in pipelines.
- `Custom Apps`: Querying warehouse data for dashboards or APIs. | +| Read all OneLake data and subscribe to events (`ReadAll`, `SubscribeOneLakeEvents`) | Grants access to all data stored in OneLake and allows subscribing to data change events. | - `Data Pipelines`: Reading raw or curated data from OneLake.
- `Event-driven Workflows`: Triggering actions when data changes.
- `Monitoring Tools`: Subscribing to data refresh or ingestion events. | +| Build reports on the default semantic model (`Build`) | Allows building and publishing reports using the default semantic model. | - `Power BI`: Creating dashboards and reports.
- `Collaborative BI`: Sharing insights across teams.
- `Embedded Analytics`: Integrating reports into apps or portals. | +| Monitor queries (`Monitor`) | Enables visibility into query performance and execution. | - `Performance Tuning`: Identifying slow queries.
- `Operational Monitoring`: Tracking query load and usage.
- `Capacity Planning`: Understanding resource consumption. | +| Audit queries (`Audit`) – PREVIEW | Allows auditing of query activity for compliance and governance. | - `Security Audits`: Reviewing who queried what and when.
- `Compliance Reporting`: Ensuring data access policies are followed.
- `Anomaly Detection`: Spotting unusual query patterns. | +| Share granted permissions (`Reshare`) | Allows users to share permissions they’ve been granted with others. | - `Collaboration`: Delegating access to teammates.
- `Data Stewardship`: Empowering trusted users to manage access.
- `Self-service BI`: Enabling broader access without admin bottlenecks. | + + + +## Read all data using SQL + +> Permissions: +> +> - Read
+> - Read Data + +image + +image + +> Here you can grant:
+> +> - Reshare
+> - Build
+> - Write + +image + +image + +## Read all OneLake data and subscribe to events + +> Permissions: +> +> - Read
+> - Read All
+> - Subscribe OneLake Events + +image + +image + +## Build reports on the default semantic models + +> Permissions: +> +> - Read
+ +image + +image + +## Monitor queries + +> Permissions: +> +> - Read
+> - Monitor + +image + +image + +## Audit queries + +> Permissions: +> +> - Read
+> - Audit + +image + +image + +## Share granted permissions + +> Permissions: +> +> - Read
+> - Reshare + +image + +image + +
+

Total Visitors

+ Visitor Count +