Hi All,
I'm in the process of designing a solution that integrates Microsoft Canvas Apps as the frontend interface with a Data Warehouse, specifically within the Microsoft Fabric suite of products, serving as the backend storage. The primary goal is to manage sensitive staff information across different departments, ensuring strict access control. Here are the outlined specific requirements:
Departmental Isolation: Each department manager should have access solely to their department's data through the Canvas App, with no visibility or edit permissions for data from other departments.
Staff Restrictions: Regular staff members (non-managers) should be restricted from viewing or editing any data within the app.
Upper Management Access: A higher-level manager requires the capability to oversee all departmental data within the app, with a consideration for granting edit permissions to this upper management role.
The core of my inquiry is centered around best practices for implementing Row-Level Security (RLS) within this framework. I am contemplating setting up RLS directly in the Microsoft Fabric Data Warehouse. However, I'm seeking clarity on how this would interact with the Microsoft Canvas Apps. Specifically, if I establish a connection between the Canvas App and the SQL database within Microsoft Fabric using the endpoint, will the RLS settings be effectively mirrored in the app? My objective is to ensure that the RLS within the Data Warehouse is robust and seamlessly integrated with the Canvas App, strictly adhering to the predefined role-based access controls.
I would greatly appreciate any insights, experiences, or guidance on orchestrating this type of security architecture within Microsoft Fabric's Data Warehouse and Canvas Apps, especially concerning the reflection of RLS in the Canvas App.
Thanks in advance for your valuable input.
