Governance in Microsoft Fabric: Understanding the Roles and Domains

Microsoft Fabric has been out for a few weeks now. With the release of Fabric, a new concept in line with data-mesh architectures became available in Fabric, or Power BI if you will. With the introduction of Domains, a new level of control has been added next to the existing roles. In this blog I will elaborate on the levels of control that are available today and provide a clear overview of them.

Microsoft Fabric?

I can hardly imagine it, but in case you missed the introduction of Microsoft Fabric, I highly encourage you to start watching YouTube videos and reading blogs, documentation and more! Fabric is the new SaaS service that bundles and enriches existing data workloads in the Microsoft data ecosystem, all under one umbrella. One of my personal favorites is always Guy in a Cube. In the video below, Adam Saxton provides an easy-to-understand overview of what Microsoft Fabric is. Next to that, I also wrote a blog in which I look at Fabric from a Power BI angle.

Controls and domains

Now that we're all on the same page and understand what Fabric is, let me introduce you to the concept of Domains. Domains are a new addition when it comes to controls. They are designed to categorize workspaces and their artifacts, enabling the bundling of workspaces in a data-mesh architecture. For example, you can have an HR domain, which lives side by side with a Finance domain, a Supply Chain domain and potentially many more. Each workspace can be assigned to only one domain at a time. This avoids confusion and keeps it clear where ownership lies, where the data domain experts can be found, and which governance applies.

But hey, when we use Fabric, we also need a capacity. That means we have another level of control: the capacities. And to top it off, we also have the workspace-level permissions. Each of these roles controls different things in your Fabric landscape, varying from settings that apply to only a single workspace, to control over a domain, all the way up to an entire tenant. I could understand if you are confused by now with all these different levels of control. Because who can do what, exactly?

Overview of control levels

To get a better understanding of all the levels of control, I put together a small overview. The more control a role has, the higher it sits in this picture. Less control means further down in the picture.

Based on this overview, we can define four different levels. As you can see, domain and capacity are put side by side. This is intentional, as both have different levels of control that serve different goals. Therefore, they are not hierarchically related to each other. Let's have a closer look at each role individually.

  • Fabric Administrator – previously known as Power BI Service Administrator, this is the role that sets all tenant settings and global policies for the entire organization. Certain settings may be delegated to lower levels. The Fabric Administrator's scope of influence is the entire tenant.
  • Domain Admin – can specify the name, description and image related to a domain. The Domain Admin can also assign workspaces to their domain in bulk, by name, user or capacity. A Domain Administrator's span of control is limited to the domain.
  • Domain Contributor – can assign workspaces to the domain to which this person is a contributor. This has to be done from the workspace settings.
  • Capacity Admin – controls the capacity configuration, such as notifications, Power BI workloads, and data engineering and science settings, and monitors capacity utilization via the capacity metrics app. The Capacity Admin can also assign workspaces to their capacity in bulk, by user or workspace name. The Capacity Administrator's scope is limited to the capacity only.
  • Capacity Contributor – can assign workspaces to the capacity to which this person is a contributor. This has to be done from the workspace settings.
  • Workspace Admin – holds control over workspace-specific settings, such as permissions, Azure connections, and Git integration for release management and version control.
  • The remaining workspace roles, including Member, Contributor, and Viewer, retain their existing functionalities and can be further explored in the provided documentation.

To conclude

The different levels of control, including Fabric Administrator, Domain Admin, Domain Contributor, Capacity Admin, Capacity Contributor, and Workspace Admin, offer varying degrees of control and responsibilities within the Fabric landscape. Each role has a specific scope and functionality, enabling management and governance of the entire tenant, domains, capacities, and workspaces, respectively.

By understanding and utilizing these different control levels, you can establish a well-structured and governed Fabric environment, enhancing collaboration, data management, and overall efficiency within your organization. Domains are not limited to Fabric: even if you only use Power BI today, you can start adopting this structuring and governance setup.
