Detail:
At the moment, Fabric supports allowing any user to create all artifact types or restricting creation to an AAD group. While helpful, modern enterprise environments require more precise governance. Different teams operate with different responsibilities, and unrestricted artifact creation increases risk, introduces operational overhead, and can lead to unintended platform misuse.

For example:

• Data Engineering teams should be able to create Data Factory pipelines, Dataflows, Lakehouses, and Notebooks
• Machine Learning teams may require access to Notebooks but should not necessarily create Pipelines or Dataflows
• Business teams may need access only to Semantic Models or Dashboards
• Platform teams must be able to enforce governance while keeping Fabric aligned with enterprise architectures

Implementing a least‑privilege, role-based model is standard practice across cloud services (Azure, AWS, GCP) and is critical for organizations with compliance and security requirements.

Request:
Please enable admins to grant permissions per artifact type (ADF, Notebooks, Lakehouses, Pipelines, ML Models, etc.) to specific security groups.

This would allow organizations to:

• Strengthen security and compliance
• Reduce accidental resource sprawl
• Ensure proper architecture and governance
• Empower teams with the exact tools they need—no more, no less
• Align Fabric with industry-standard RBAC and least‑privilege models

This enhancement would bring Fabric closer to enterprise-grade governance expectations and unlock broader adoption.