🔒 Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided DP-600 Domain 1
Domain 1 — Module 2 of 7 29%
2 of 29 overall

DP-600 Study Guide

Domain 1: Maintain a Data Analytics Solution

  • Workspace Access Controls
  • Row-Level & Object-Level Security
  • Sensitivity Labels & Endorsement
  • Git Version Control in Fabric
  • Deployment Pipelines: Dev → Test → Prod
  • Impact Analysis & Dependencies
  • XMLA Endpoint & Reusable Assets

Domain 2: Prepare Data

  • Microsoft Fabric: The Big Picture Free
  • Lakehouses: Your Data Foundation Free
  • Warehouses in Fabric Free
  • Choosing the Right Data Store Free
  • Data Connections & OneLake Catalog
  • Shortcuts & OneLake Integration
  • Ingesting Data: Dataflows Gen2 & Pipelines
  • Star Schema Design Free
  • SQL Objects: Views, Functions & Stored Procedures
  • Transforming Data: Reshape & Enrich
  • Data Quality & Cleansing
  • Querying with SQL
  • Querying with KQL
  • Querying with DAX

Domain 3: Implement and Manage Semantic Models

  • Semantic Models: Storage Modes
  • Relationships & Advanced Modeling
  • DAX Essentials: Variables & Functions
  • Calculation Groups & Field Parameters
  • Large Models & Composite Models
  • Direct Lake Mode
  • DAX Performance Optimization
  • Incremental Refresh

DP-600 Study Guide

Domain 1: Maintain a Data Analytics Solution

  • Workspace Access Controls
  • Row-Level & Object-Level Security
  • Sensitivity Labels & Endorsement
  • Git Version Control in Fabric
  • Deployment Pipelines: Dev → Test → Prod
  • Impact Analysis & Dependencies
  • XMLA Endpoint & Reusable Assets

Domain 2: Prepare Data

  • Microsoft Fabric: The Big Picture Free
  • Lakehouses: Your Data Foundation Free
  • Warehouses in Fabric Free
  • Choosing the Right Data Store Free
  • Data Connections & OneLake Catalog
  • Shortcuts & OneLake Integration
  • Ingesting Data: Dataflows Gen2 & Pipelines
  • Star Schema Design Free
  • SQL Objects: Views, Functions & Stored Procedures
  • Transforming Data: Reshape & Enrich
  • Data Quality & Cleansing
  • Querying with SQL
  • Querying with KQL
  • Querying with DAX

Domain 3: Implement and Manage Semantic Models

  • Semantic Models: Storage Modes
  • Relationships & Advanced Modeling
  • DAX Essentials: Variables & Functions
  • Calculation Groups & Field Parameters
  • Large Models & Composite Models
  • Direct Lake Mode
  • DAX Performance Optimization
  • Incremental Refresh
Domain 1: Maintain a Data Analytics Solution Premium ⏱ ~14 min read

Row-Level & Object-Level Security

Control what data users see. RLS, CLS, OLS, and file-level security — same report, different data per user.

Data-level security

☕ Simple explanation

Think of a hospital records system. A nurse on cardiology sees heart patient records (row-level). The billing team sees billing columns but not clinical notes (column-level). Nobody knows the drug trial table exists (object-level).

Four layers: RLS (row filtering by user), CLS (column hiding), OLS (hide tables/columns from metadata entirely), file-level (OneLake storage access).

Row-Level Security (RLS)

RLS filters rows based on user identity using a security mapping table:

-- Role: RegionalAccess — filter on dim_store
[Region] IN
    SELECTCOLUMNS(
        FILTER(SecurityMapping, SecurityMapping[UserEmail] = USERPRINCIPALNAME()),
        "Region", SecurityMapping[Region]
    )

CLS vs OLS

CLS hides data; OLS hides the existence of data
FeatureColumn-Level (CLS)Object-Level (OLS)
Data visible?No — returns blank/restrictedNo — column/table hidden from metadata entirely
Column in field list?Yes — users know it existsNo — users do not know it exists
Measures referencing itReturn blank for restricted usersFAIL for restricted users
ConfigurationTabular Editor / XMLATabular Editor / XMLA
Question

What is RLS?

Click or press Enter to reveal answer

Answer

Row-Level Security filters rows based on user identity. Uses USERPRINCIPALNAME() and a security mapping table. Same report, different data per user.

Click to flip back
Question

What is the difference between CLS and OLS?

Click or press Enter to reveal answer

Answer

CLS hides column DATA but column still exists in metadata. OLS hides column/table from metadata entirely — users do not know it exists. OLS is stricter: measures referencing OLS objects fail.

Click to flip back
Knowledge Check

Dr. Sarah needs cardiology doctors to see only cardiology patients. How?
Question

What does the USERPRINCIPALNAME() function do in RLS?

Click or press Enter to reveal answer

Answer

Returns the email address (UPN) of the current user querying the report. Used inside DAX filter expressions to dynamically match the logged-in user against a security mapping table, so each user sees only their permitted rows.

Click to flip back
Knowledge Check

Raj needs to hide a Salary column in a semantic model so non-HR users do not even know the column exists. Which security feature should he use?

🎬 Video coming soon

Next up: Sensitivity Labels & Endorsement

← Previous

Workspace Access Controls

Next →

Sensitivity Labels & Endorsement

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.