Merge pull request #50276 from theresa-i/secure-data-access-updates

Module refresh

Author: Stacyrch140

learn-pr/wwl-data-ai/secure-data-access-in-fabric/includes/1-introduction.md

@@ -1,4 +1,4 @@
-Security in Microsoft Fabric is optimized for securing data for specific use cases. Different users need the ability to perform various actions in Fabric to fulfill their job responsibilities. Fabric facilitates this by allowing you to grant users access to specific data workloads through workspace and item permissions, compute permissions, and OneLake data access roles (Preview).
+Security in Microsoft Fabric is optimized for securing data for specific use cases. Different users need the ability to perform various actions in Fabric to fulfill their job responsibilities. Fabric facilitates this by allowing you to grant users access to specific data workloads through workspace and item permissions, compute permissions, and OneLake data access roles (preview).
 
 ## Secure data by use case
 

learn-pr/wwl-data-ai/secure-data-access-in-fabric/includes/2-understand-fabric-security-model.md

@@ -22,4 +22,4 @@ Within each data item, *granular engine permissions* such as Read, ReadData, or
 
 Compute or granular permissions can be applied within a specific compute engine in Fabric, like the SQL Endpoint or semantic model.
 
-Fabric data items store their data in OneLake. Access to data in the lakehouse can be restricted to specific files or folders using the role-based-access control (RBAC) feature called *OneLake data access controls (preview)*.
+Fabric data items store their data in OneLake. Access to data in the lakehouse can be restricted to specific files or folders using the role-based-access control (RBAC) feature called OneLake data access controls (preview).

learn-pr/wwl-data-ai/secure-data-access-in-fabric/includes/3-configure-workspace-and-item-permissions.md

@@ -27,7 +27,7 @@ To meet the access requirements for the new data engineer, you can assign them t
 
 Users can be added to workspace roles from the **Manage access** button from within a workspace. Add a user by entering the user's name and selecting the workspace role to assign them in the **Add people** dialogue.
 
-![Screenshot of clicking the manage access button.](../media/manage-access.png)
+:::image type="content" source="../media/manage-access.png" alt-text="Screenshot of clicking the manage access button." lightbox="../media/manage-access.png":::
 
 ## Configure item permissions
 
@@ -39,11 +39,11 @@ Since the engineer no longer needs to view all items in the workspace, the **Con
 
 An item can be shared and item permissions can be configured by selecting on the ellipsis (...) next to a Fabric item in a workspace and then selecting **Manage permissions**.
 
- ![Screenshot of configuring item permissions.](../media/manage-item-permissions.png)
+ :::image type="content" source="../media/manage-item-permissions.png" alt-text="Screenshot of configuring item permissions. " lightbox="../media/manage-item-permissions.png":::
 
 In the **Grant people access** window that appears after selecting **Manage permissions**, if you add the user and don't select any of the checkboxes under **Additional permissions**, the user will have read access to the lakehouse metadata. The user won't have access to the underlying data in the lakehouse. To grant the engineer the ability to read data and not just metadata, **Read all SQL endpoint data** or **Read all Apache Spark** can be selected. 
 
- ![Screenshot of grant people lakehouse read all access.](../media/grant-people-access-lakehouse.png)
+ :::image type="content" source="../media/grant-people-access-lakehouse.png" alt-text="Screenshot of grant people lakehouse read all access." lightbox="../media/grant-people-access-lakehouse.png":::
 
 > [!Tip]
 > Each Fabric data item has its own security model. To learn more about permissions that can be granted when a lakehouse or other Fabric data item is shared see:

learn-pr/wwl-data-ai/secure-data-access-in-fabric/includes/4-apply-granular-permissions.md

@@ -65,5 +65,5 @@ Granular permissions can be applied to warehouses using the SQL analytics endpoi
 
 A user's role in a workspace implicitly grants them permission on the semantic models in a workspace. Semantic models allow for security to be defined using DAX.  More granular permission can be applied using row-level security (RLS). To learn more about the managing RLS or permissions on the semantic model see:
 
-[Semantic model permissions](/power-bi/connect-data/service-datasets-permissions?azure-portal=true)
-[Row-level security (RLS) with Power BI](/fabric/security/service-admin-row-level-security?azure-portal=true)
+- [Semantic model permissions](/power-bi/connect-data/service-datasets-permissions?azure-portal=true)
+- [Row-level security (RLS) with Power BI](/fabric/security/service-admin-row-level-security?azure-portal=true)