Get startedGet started for free

Security roles in Fabric

1. Security roles in Fabric

In this video, we'll explore the different role types in Fabric workspaces, their permissions, and how to assign them within a workspace.

2. What is a workspace?

A workspace is essentially a container that holds various Fabric items and can be shared with other users. In Chapter 2, you will learn in detail about more advanced concepts, including the differences between Workspace, Capacity, and Tenant. For now, let's focus on the roles within a workspace.

3. The Four Workspace Access Roles

Within a workspace, you can assign four different roles. Each role builds upon the permissions of the previous one, creating a hierarchy of access levels. Let's start with the Viewer: a viewer can view and interact with content but cannot edit or create.

4. The Four Workspace Access Roles

Then, a Contributor Can create and edit content, but cannot manage workspace settings. This is usually assigned to content creators like Data Analysts that are publishing new reports.

5. The Four Workspace Access Roles

Next, the Member can create, edit, and publish content, and has some additional capabilities. For example, they can add (but not remove) other users to the workspace or publish a Power BI app.

6. The Four Workspace Access Roles

Lastly, the Admin has full control over the workspace, including managing access and settings.

7. How to Assign Workspace Roles in Fabric

Now, let's see how to assign roles within a Fabric workspace: First, navigate to the workspace settings. Click on Manage Access, then use the 'Add people or groups' option to select users or groups by entering their emails. Finally, choose the appropriate role from the dropdown menu and click 'Add' to confirm the assignment.

8. Security Best Practices

When assigning roles, it's better to consider some best practices. A famous one is the principle of least privilege. Always assign the minimum necessary permissions. For example, if there is no need for a reader of a report to edit its content, use "Viewer" role instead of "Contributor". Another best practice, especially in large organizations like Fashionbric, is to use groups to simplify management. In Fabric, groups such as "Team Marketing" are treated as single accounts. When a new member is added to a group, they automatically gain access to all the workspaces assigned to that group. Remember to regularly audit and review role assignments to ensure they remain appropriate. Finally, document your role assignment strategy for consistency and future reference.

9. Let's practice!

Now that you know how Workspace roles works, let's jump into Fabric!