fabric-security-governancelisted

# Fabric Security Governance ## 1. Overview Microsoft Fabric Security Governance covers the controls that protect data across the entire Fabric platform — from workspace access and item-level permissions, through sensitivity labels and data classification, to audit logs and compliance reporting. This skill provides production-ready patterns for organizations that need to demonstrate least-privilege access, regulatory compliance, and data lineage traceability across their Fabric estate. **Security layers in Fabric**: | Layer | Controls | Managed Via | |-------|----------|-------------| | Workspace RBAC | Admin / Member / Contributor / Viewer roles | Fabric portal, REST API, PowerShell | | Item-level permissions | Share individual items with specific permissions | Fabric portal, REST API | | Semantic model security | RLS (row-level), OLS (object-level) | Power BI Desktop, Tabular Editor, XMLA | | OneLake data access | ADLS Gen2 ACLs, Fabric OneLake shortcuts | Azure portal, REST API | | Sensitivity labels | Microsoft Purview MIP labels applied to items | Fabric portal, Purview portal, REST API | | Audit logs | Microsoft 365 Unified Audit Log | Microsoft 365 compliance center, REST API | | Data lineage | Fabric lineage view, Microsoft Purview Data Map | Fabric portal, Purview portal | --- ## 2. Quick Start ### Assess a Workspace for Least-Privilege Compliance ```bash # 1. List workspace role assignments curl "https://api.fabric.microsoft.com/v1/workspaces/${WORKSPACE_ID}/