Data warehouse in Microsoft Fabric is a comprehensive platform for data and analytics, featuring advanced query processing and full transactional T-SQL capabilities for easy data management and analysis.
Microsoft Fabric data warehouse is a complete platform for data, analytics, and AI (Artificial Intelligence). Data warehousing refers to the process of storing, organizing, and managing large volumes of structured and semi-structured data.
In a warehouse, administrators have access to a suite of technologies aimed at safeguarding sensitive information. These security measures are capable of securing or masking data from users or roles without proper authorization, ensuring data protection across both Warehouse and SQL analytics endpoints. This ensures a smooth and secure user experience, with no need for alterations to the existing applications.
The following Microsoft Fabric security features allow for sophisticated security mechanisms at the warehouse level:
Workspace roles – Designed to provide different levels of access and control within the workspace. You can assign users to the various workspace roles such as Admin, Member, Contributor, and Viewer.
Item permissions – Individual warehouses can have item permissions assigned to facilitate the sharing of the Warehouse for downstream use.
Data protection security – For more precise control, you can use T-SQL to grant specific permissions to users. Warehouse supports a range of data protection features that enable administrators to shield sensitive data from unauthorized access. This includes object-level security for database objects, column-level security for table columns, row-level security for table rows using WHERE clause filters, and dynamic data masking to obscure sensitive data like email addresses. These features ensure data protection across Warehouses and SQL analytics endpoints without necessitating changes to applications.
Dynamic data masking offers several key benefits that enhance the security and manageability of your data: the actual data remains intact and secure, while nonprivileged users see only a masked version of it. For example, the following statements mask the Email, PhoneNumber, and CreditCardNumber columns of a Customers table:
-- For Email
ALTER TABLE Customers
ALTER COLUMN Email ADD MASKED WITH (FUNCTION = 'email()');
-- For PhoneNumber: partial(prefix, padding, suffix) exposes no leading characters and the last 4
ALTER TABLE Customers
ALTER COLUMN PhoneNumber ADD MASKED WITH (FUNCTION = 'partial(0,"XXX-XXX-",4)');
-- For CreditCardNumber: expose only the last 4 digits
ALTER TABLE Customers
ALTER COLUMN CreditCardNumber ADD MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)');
The masked data will look like this:
CustomerName: John Doe
Email: jXXX@XXXX.com
PhoneNumber: XXX-XXX-7890
CreditCardNumber: XXXX-XXXX-XXXX-3456
As you can see, the sensitive data is hidden from the nonprivileged user, enhancing the security of your data.
Row-level security:
This feature provides granular control over access to rows in a table based on group membership or execution context.
For example, in an e-commerce platform, you can ensure that sellers only have access to order rows that are related to their own products. This way, each seller can manage their orders independently, while maintaining the privacy of other sellers’ order information.
Column-level security:
It provides granular control by letting you restrict access to specific columns, so that sensitive data is protected and users can access only specific pieces of data, enhancing the overall security of your data warehouse.
Column-level security can help ensure that sensitive information is only accessible to those who are authorized to see it.
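The seller scenario from the row-level security section, combined with column-level security, as an added T-SQL example that is not part of the original post. The Security schema, the dbo.Orders table, the function and policy names, and the contoso.com logins are hypothetical, and the example assumes sellers hold no broader SELECT permission on the table.

```sql
-- Added example; every object name and login below is hypothetical.
CREATE SCHEMA Security;
GO

-- Constructed sample table: each order row records the seller who owns it.
CREATE TABLE dbo.Orders
(
    OrderId     int            NOT NULL,
    SellerLogin varchar(128)   NOT NULL,  -- compared with USER_NAME() by the predicate
    ProductName varchar(100)   NOT NULL,
    Amount      decimal(10, 2) NOT NULL,
    BuyerEmail  varchar(256)   NOT NULL   -- sensitive column, not granted to sellers
);
GO

INSERT INTO dbo.Orders (OrderId, SellerLogin, ProductName, Amount, BuyerEmail) VALUES
    (1, 'seller1@contoso.com', 'Keyboard', 49.90, 'buyer.a@example.com'),
    (2, 'seller2@contoso.com', 'Monitor', 189.00, 'buyer.b@example.com'),
    (3, 'seller1@contoso.com', 'Mouse',    19.50, 'buyer.c@example.com');
GO

-- Row-level security: the inline function returns a row only when the order's
-- seller is the current user, or the current user is the designated order admin.
CREATE FUNCTION Security.tvf_SellerFilter (@SellerLogin AS varchar(128))
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS tvf_result
    WHERE @SellerLogin = USER_NAME()
       OR USER_NAME() = 'ordersadmin@contoso.com';
GO

-- Bind the function to the table as a filter predicate and switch the policy on.
CREATE SECURITY POLICY Security.SellerOrdersPolicy
ADD FILTER PREDICATE Security.tvf_SellerFilter(SellerLogin)
ON dbo.Orders
WITH (STATE = ON);
GO

-- Column-level security: the seller may read every column except BuyerEmail.
GRANT SELECT ON dbo.Orders (OrderId, SellerLogin, ProductName, Amount)
TO [seller1@contoso.com];
GO
```

Connected as seller1@contoso.com, a query on dbo.Orders returns only that seller's rows, and a query that selects BuyerEmail (including SELECT *) is rejected with a permission error. Because the filter applies to every caller, a login not named in the predicate sees no rows at all, which is why the admin exemption is written into the function.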