Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
DAJones91
New Member

Preventing Confidential Data Exfiltration

‎02-15-2024 02:28 PM

Working pretty much exclusively with confidential financial data in Fabric and I'm wondering if there is any way to prevent a user from (maliciously) using the Copy activity in pipelines to send data to an external data sink (e.g. a personal cloud storage account or that of another corporate?). Assuming the user can authenticate to the sink of their choice, this scenario seems entirely possible and it's not clear from the literature if it can be prevented at all.

Message 1 of 3
1,150 Views
0
1 ACCEPTED SOLUTION
NandanHegde
Super User
Super User

‎02-15-2024 07:31 PM

Hey,

unfortunately in case if a user has access on both the source (confidential data) and sink and if the user has the necessary permission to create pipelines within Fabric, we cannot restrict users from moving the data.

 

But in the PaaS equivalent of Data factory, you can restrict users from creating linked services thereby restricting the movement into unwanted sinks.

But this access granularity is not yet supported in Fabric (and might not be because this being a SaaS application)




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com

View solution in original post

Message 2 of 3
1,124 Views
0
2 REPLIES 2
NandanHegde
Super User
Super User

‎02-15-2024 07:31 PM

Hey,

unfortunately in case if a user has access on both the source (confidential data) and sink and if the user has the necessary permission to create pipelines within Fabric, we cannot restrict users from moving the data.

 

But in the PaaS equivalent of Data factory, you can restrict users from creating linked services thereby restricting the movement into unwanted sinks.

But this access granularity is not yet supported in Fabric (and might not be because this being a SaaS application)




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 2 of 3
1,125 Views
0
Anonymous
Not applicable
In response to NandanHegde

‎02-19-2024 06:39 AM

Hello @DAJones91 ,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet .
In case if you have any resolution please do share that same with the community as it can be helpful to others .
Otherwise, will respond back with the more details and we will try to help .

Message 3 of 3
1,076 Views
0

Helpful resources

Announcements
Fabric July 2025 Monthly Update Carousel

Fabric Monthly Update - July 2025

Check out the July 2025 Fabric update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All