Secure Fabric mirrored databases from Azure Databricks

This article helps you establish data security for your mirrored databases from Azure Databricks in Microsoft Fabric.

Unity Catalog

Users must reconfigure Unity Catalog policies and permissions in Fabric.

To make Azure Databricks catalogs available in Fabric, see Control external access to data in Unity Catalog.

Unity Catalog policies and permissions aren't mirrored in Fabric. Users can't reuse Unity Catalog policies and permissions in Fabric. Permissions set on catalogs, schemas, and tables inside Azure Databricks don't carry over to Fabric workspaces. You need to use Fabric's permission model to set access control on objects in Fabric.

The credential used to create the Unity Catalog connection for this catalog mirroring is used for all data queries.

Use trusted workspace access to access firewall-enabled ADLS storage

When configuring Azure Databricks mirroring to Microsoft Fabric, enable trusted workspace access to access firewall-enabled Azure Data Lake Storage (ADLS) Gen2 accounts.

Trusted workspace access requires creating a connection directly to the ADLS storage account, which can be used independently of the Azure Databricks workspace connection. Unity Catalog policies such as RLS/CLM or ABAC are not enforced at the storage layer and will not be applied if a connection is used to directly access storage. Trusted workspace access instead relies on Fabric workspace identities administration and governance.

Follow the steps in the tutorial to Enable network security access. It is recommended to give granular control on the storage account by specifying a specific folder within a container, and to assign roles as described in Assign Azure roles using the Azure portal.

Permissions

Permissions set on catalogs, schemas, and tables in your Azure Databricks workspace can't be replicated to your Fabric workspace. Use Fabric's permissions model to set access controls for catalogs, schemas, and tables in Fabric.

When selecting objects to mirror, you can see only the catalogs, schemas, and tables that you have access to, according to the privileges granted to you under the privilege model described at Unity Catalog privileges and securable objects.

For more information on setting up Fabric workspace security, see Permission model and Roles in workspaces in Microsoft Fabric.