🔒 Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided DP-600 Domain 1
Domain 1 — Module 1 of 7 14%
1 of 29 overall

DP-600 Study Guide

Domain 1: Maintain a Data Analytics Solution

  • Workspace Access Controls
  • Row-Level & Object-Level Security
  • Sensitivity Labels & Endorsement
  • Git Version Control in Fabric
  • Deployment Pipelines: Dev → Test → Prod
  • Impact Analysis & Dependencies
  • XMLA Endpoint & Reusable Assets

Domain 2: Prepare Data

  • Microsoft Fabric: The Big Picture Free
  • Lakehouses: Your Data Foundation Free
  • Warehouses in Fabric Free
  • Choosing the Right Data Store Free
  • Data Connections & OneLake Catalog
  • Shortcuts & OneLake Integration
  • Ingesting Data: Dataflows Gen2 & Pipelines
  • Star Schema Design Free
  • SQL Objects: Views, Functions & Stored Procedures
  • Transforming Data: Reshape & Enrich
  • Data Quality & Cleansing
  • Querying with SQL
  • Querying with KQL
  • Querying with DAX

Domain 3: Implement and Manage Semantic Models

  • Semantic Models: Storage Modes
  • Relationships & Advanced Modeling
  • DAX Essentials: Variables & Functions
  • Calculation Groups & Field Parameters
  • Large Models & Composite Models
  • Direct Lake Mode
  • DAX Performance Optimization
  • Incremental Refresh

DP-600 Study Guide

Domain 1: Maintain a Data Analytics Solution

  • Workspace Access Controls
  • Row-Level & Object-Level Security
  • Sensitivity Labels & Endorsement
  • Git Version Control in Fabric
  • Deployment Pipelines: Dev → Test → Prod
  • Impact Analysis & Dependencies
  • XMLA Endpoint & Reusable Assets

Domain 2: Prepare Data

  • Microsoft Fabric: The Big Picture Free
  • Lakehouses: Your Data Foundation Free
  • Warehouses in Fabric Free
  • Choosing the Right Data Store Free
  • Data Connections & OneLake Catalog
  • Shortcuts & OneLake Integration
  • Ingesting Data: Dataflows Gen2 & Pipelines
  • Star Schema Design Free
  • SQL Objects: Views, Functions & Stored Procedures
  • Transforming Data: Reshape & Enrich
  • Data Quality & Cleansing
  • Querying with SQL
  • Querying with KQL
  • Querying with DAX

Domain 3: Implement and Manage Semantic Models

  • Semantic Models: Storage Modes
  • Relationships & Advanced Modeling
  • DAX Essentials: Variables & Functions
  • Calculation Groups & Field Parameters
  • Large Models & Composite Models
  • Direct Lake Mode
  • DAX Performance Optimization
  • Incremental Refresh
Domain 1: Maintain a Data Analytics Solution Premium ⏱ ~12 min read

Workspace Access Controls

Secure your Fabric workspace. Workspace roles, item-level permissions, and the principle of least privilege — the first layer of Fabric security.

Securing Fabric workspaces

☕ Simple explanation

Think of workspace security like access cards in an office building.

Some people have a master key (Admin) — they can open every door. Others have a team card (Member) — they can access their floor but not the server room. Visitors get a guest badge (Viewer) — they can walk around and look, but they cannot change anything.

In Fabric, workspace roles are the access cards. They control who can create, modify, share, and view items in the workspace. Item-level permissions are like individual office locks — even if you have floor access, some rooms require additional approval.

Fabric security operates at multiple layers: workspace roles (coarse-grained — applies to all items), item-level permissions (fine-grained — per-item sharing), and data-level security (RLS/CLS/OLS — controls what data users see). This module covers the first two. Data-level security is in the next module.

Workspace roles

Admin > Member > Contributor > Viewer — grant the minimum needed
CapabilityAdminMemberContributorViewer
View items and read dataYesYesYesYes
Create and edit itemsYesYesYesNo
Share items with othersYesYesNoNo
Manage workspace settings and rolesYesNoNoNo
Delete workspaceYesNoNoNo
Publish contentYesYesYesNo

Best practices

  • Viewers for report consumers
  • Contributors for data engineers and report builders
  • Members for team leads who need to share content
  • Admins for workspace owners only (1-2 people)
  • Use Entra ID security groups for scalable management

Item-level permissions

You can share specific items with users who are NOT workspace members:

PermissionWhat It Grants
ReadView the report or query the model
BuildCreate new reports on top of a shared semantic model
ReshareShare the item with other users
💡 Exam tip: Build permission

Build lets a user create their own reports using a shared semantic model. It does NOT let them edit the model. Build is granted via item sharing, NOT via workspace roles. A workspace Viewer + model Build permission = can view reports AND create their own.

Question

What are the four Fabric workspace roles?

Click or press Enter to reveal answer

Answer

Admin > Member > Contributor > Viewer. Admin manages everything. Member can share. Contributor can create/edit. Viewer can only read.

Click to flip back
Question

What does Build permission on a semantic model allow?

Click or press Enter to reveal answer

Answer

Build lets a user create new reports using the shared semantic model as a data source. It does NOT let them edit the model itself.

Click to flip back
Question

What is the difference between workspace-level and item-level permissions?

Click or press Enter to reveal answer

Answer

Workspace roles apply to ALL items in the workspace (coarse). Item-level permissions (Read, Build, Reshare) apply to specific items and can be granted to users outside the workspace. Use item sharing for cross-workspace collaboration.

Click to flip back
Knowledge Check

James needs a junior analyst to build reports but NOT share them externally. Which role?
Knowledge Check

Raj at Atlas Capital shares a semantic model with 20 analysts via item sharing with Build permission. The analysts are NOT workspace members. Can they create reports on the model?

🎬 Video coming soon

Next up: Row-Level & Object-Level Security — control what data users see.

Next →

Row-Level & Object-Level Security

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.