Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This guide helps you establish data security in your mirrored Azure Database for PostgreSQL flexible server in Microsoft Fabric.
Important
For the current preview, Microsoft Entra ID users and service principals in Azure Database for PostgreSQL flexible server are not supported. Use Basic (PostgreSQL Authentication).
Security requirements
- The System Assigned Managed Identity (SAMI) of your Azure Database for PostgreSQL flexible server needs to be enabled, and must be the primary identity. To configure, go to your flexible server in the Azure portal. Under Security the resource menu, select Identity. Under System assigned managed identity, select Status to On.
- After enabling the SAMI, if the SAMI is disabled or removed, the mirroring of Azure Database for PostgreSQL flexible server to Fabric OneLake will fail.
- Fabric needs to connect to the Azure Database for PostgreSQL flexible server. For this purpose, create a database role with proper permissions to access source database and tables, to follow the principle of least privilege, and with a strong password. For a tutorial, see Tutorial: Configure Microsoft Fabric mirrored databases from Azure Database for PostgreSQL flexible server.
Important
Any granular security established in the source database must be reconfigured in the mirrored database in Microsoft Fabric. For more information, see SQL granular permissions in Microsoft Fabric.
Data protection features
You can secure column filters and predicate-based row filters on tables to roles and users in Microsoft Fabric:
You can also mask sensitive data from non-admins using dynamic data masking: