2.6. Reflection Checkpoint: Analytics Solution Mastery

Key Takeaways

Before proceeding to Phase 2, ensure you can:

• Explain why OneLake shortcuts don't copy data and what that means for governance
• Navigate to the correct location to assign a workspace to a subdomain (it's workspace settings, not admin portal)
• Configure deployment rules to automatically change database connections between deployment stages
• Choose between DDM, CLS, and RLS based on whether you need to mask, hide columns, or filter rows
• Select the right orchestration tool (Dataflow Gen2, Pipeline, Notebook) for a given scenario
• Explain when Managed Private Endpoints are required vs. Trusted Workspace Access

Connecting Forward

In Phase 2, you'll build on these governance foundations by implementing actual data movement—loading patterns, transformations, and streaming ingestion. The workspace and security configurations from Phase 1 provide the guardrails within which Phase 2's data engineering happens.

Self-Assessment Questions

1. Your organization requires data to physically reside within the EU for GDPR compliance. A colleague suggests using shortcuts to AWS S3 buckets in the US region. Why might this create a compliance issue, and what would you recommend instead?

2. A production pipeline deployment failed, and the lakehouse is now pointing to the development database. What deployment pipeline feature was likely missing, and how would you fix it?

3. A user can view a Power BI report but gets "access denied" when trying to query the underlying lakehouse directly. Is this expected behavior? Why or why not?