How to: Secure data Microsoft Fabric mirrored databases from SQL Server

This guide helps you establish data security in your mirrored SQL Server in Microsoft Fabric.

Security requirements

1. Check the networking requirements to access your SQL Server instance data source. Install an on-premises data gateway. The gateway machine's network must connect to the SQL Server instance via a private endpoint or be allowed by the firewall rule.
   • Resources for data gateways:
     • Plan, scale, and maintain a business-critical gateway solution
     • Monitor and optimize on-premises data gateway performance
     • Troubleshoot the on-premises data gateway
     • Azure Arc-enabled SQL Server instance: Troubleshoot Azure Connected Machine agent connection issues
2. Fabric needs to authenticate to the SQL Server instance. For this purpose, create a dedicated database user with limited permissions, to follow the principle of least privilege. Create either a login with a strong password and connected user in the source database, or a contained database user with a strong password. For a tutorial, see Tutorial: Configure Microsoft Fabric mirrored databases From SQL Server.

Data protection features

You can secure column filters and predicate-based row filters on tables to roles and users in Microsoft Fabric:

• Row-level security in Fabric data warehousing
• Column-level security in Fabric data warehousing

You can also mask sensitive data from non-admins using dynamic data masking:

• Dynamic data masking in Fabric data warehousing

Related content

• What is Mirroring in Fabric?
• SQL granular permissions in Microsoft Fabric