Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at FabCon Vienna from September 15-18, 2025, for the ultimate Fabric, Power BI, SQL, and AI community-led learning event. Save €200 with code FABCOMM. Get registered

Reply
DAJones91
New Member

Preventing Confidential Data Exfiltration

‎02-15-2024 02:28 PM

Working pretty much exclusively with confidential financial data in Fabric and I'm wondering if there is any way to prevent a user from (maliciously) using the Copy activity in pipelines to send data to an external data sink (e.g. a personal cloud storage account or that of another corporate?). Assuming the user can authenticate to the sink of their choice, this scenario seems entirely possible and it's not clear from the literature if it can be prevented at all.

Message 1 of 3
1,009 Views
0
1 ACCEPTED SOLUTION
NandanHegde
Super User
Super User

‎02-15-2024 07:31 PM

Hey,

unfortunately in case if a user has access on both the source (confidential data) and sink and if the user has the necessary permission to create pipelines within Fabric, we cannot restrict users from moving the data.

 

But in the PaaS equivalent of Data factory, you can restrict users from creating linked services thereby restricting the movement into unwanted sinks.

But this access granularity is not yet supported in Fabric (and might not be because this being a SaaS application)




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com

View solution in original post

Message 2 of 3
983 Views
0
2 REPLIES 2
NandanHegde
Super User
Super User

‎02-15-2024 07:31 PM

Hey,

unfortunately in case if a user has access on both the source (confidential data) and sink and if the user has the necessary permission to create pipelines within Fabric, we cannot restrict users from moving the data.

 

But in the PaaS equivalent of Data factory, you can restrict users from creating linked services thereby restricting the movement into unwanted sinks.

But this access granularity is not yet supported in Fabric (and might not be because this being a SaaS application)




----------------------------------------------------------------------------------------------
Nandan Hegde (MSFT Data MVP)
LinkedIn Profile : www.linkedin.com/in/nandan-hegde-4a195a66
GitHUB Profile : https://github.com/NandanHegde15
Twitter Profile : @nandan_hegde15
MSFT MVP Profile : https://mvp.microsoft.com/en-US/MVP/profile/8977819f-95fb-ed11-8f6d-000d3a560942
Topmate : https://topmate.io/nandan_hegde
Blog :https://datasharkx.wordpress.com
Message 2 of 3
984 Views
0
Anonymous
Not applicable
In response to NandanHegde

‎02-19-2024 06:39 AM

Hello @DAJones91 ,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet .
In case if you have any resolution please do share that same with the community as it can be helpful to others .
Otherwise, will respond back with the more details and we will try to help .

Message 3 of 3
935 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June FBC25 Carousel

Fabric Monthly Update - June 2025

Check out the June 2025 Fabric update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All