Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
1.3.1. The Security Layers
Microsoft Fabric implements security at multiple levels, and the exam tests whether you understand which level solves which problem:
| Security Level | Controls | Use Case |
|---|---|---|
| Workspace | Who can see/edit items | Team access boundaries |
| Item | Permissions on specific lakehouse, pipeline | Shared resources across teams |
| Row-Level (RLS) | Filter rows by user identity | Regional managers see only their region |
| Column-Level (CLS) | Hide columns from users | Hide salary from non-HR users |
| Object-Level (OLS) | Hide entire tables/schemas | Hide executive compensation table |
| Dynamic Masking | Obscure sensitive values | Show ****1234 for SSN |
⚠️ Exam Trap: RLS, CLS, and OLS are semantic model features (Power BI layer), not lakehouse/warehouse features. If a question asks about restricting access to lakehouse data, workspace/item permissions are the answer. Data-level security applies when data is accessed through a semantic model.
Reflection Question: A hospital needs to ensure nurses see only patients in their ward, and even then, psychiatric notes are hidden. Which combination of security features addresses this requirement?
Written byAlvin Varughese
Founder•15 professional certifications