Microsoft Fabric Data Engineer Associate DP-700 Practice Question
Your organization uses a Microsoft Fabric data warehouse named ContosoDW. Members of the EuropeanFinance security group must query data in the dbo.Sales table, but:
They should see only rows where Region = 'EU'.
They must not be able to read the UnitCost column, while all other columns remain visible.
You need to configure ContosoDW to meet both requirements by using built-in capabilities of Fabric.
Which approach should you implement?
Create a table-valued function that filters on Region = 'EU', add it to a row-level security (RLS) security policy for dbo.Sales, and grant SELECT on the allowed columns only, leaving UnitCost ungranted.
Create a view that selects all columns except UnitCost, and give EuropeanFinance SELECT permissions only on the view; do not configure any RLS because workspace roles will enforce the row filter automatically.
Move the UnitCost column to a separate table protected by workspace item permissions, and use pipeline parameters to pass the required Region value at query time.
Apply dynamic data masking to the UnitCost column and assign the EuropeanFinance group the Viewer role at the workspace level.
In a Microsoft Fabric data warehouse, row-level security is enforced by creating a filter predicate function and binding it to a security policy. The policy filters the rows returned to a user according to logic you define, for example returning only rows where Region = 'EU' for members of the EuropeanFinance group.
To hide a single sensitive column while letting users read the remaining columns, grant SELECT permissions only on the allowed columns and withhold (or explicitly deny) SELECT on the UnitCost column. Fabric's SQL engine supports column-level permissions identical to those in Azure Synapse Analytics and SQL Server. Dynamic data masking would still reveal masked values and does not satisfy a 'no access' requirement, and workspace-level roles or item-level permissions cannot express per-row filters or per-column grants. Therefore, creating a row-level security policy together with explicit column-level SELECT grants is the correct solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Row-Level Security (RLS) in Microsoft Fabric?
Open an interactive chat with Bash
How does column-level SELECT permission work?
Open an interactive chat with Bash
Why is dynamic data masking insufficient for 'no access' requirements?
Open an interactive chat with Bash
Microsoft Fabric Data Engineer Associate DP-700
Implement and manage an analytics solution
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .