# Understand Fabric concepts


## Tenant
**A Fabric tenant:** is a dedicated **space** for organizations to create, store, and manage Fabric **items**. 
  - There's often a **single instance** of Fabric for an organization, and it's aligned with **Microsoft Entra ID**. 
  - The Fabric tenant maps to the **root** of OneLake and is at the **top level** of the hierarchy.

## Capacity
**Capacity:** is a dedicated **set of resources** that is available at a given time to be used. 
  - A tenant can have **one or more** capacities associated with it. 
  - Capacity defines the **ability** of a resource to perform an activity or to produce output. 
  - Different items consume different capacity at a certain time.

## Domain
**A domain:** is a logical **grouping of workspaces**. 
  - Domains are used to organize items. 
  - You can group things together in a way that makes it easier for the right people to have access to the right workspaces. For example, you might have a domain for sales, another for marketing, and another for finance.

## Workspace
**A workspace:** is a **collection of items** that brings together different functionality in a **single tenant**. 
  - It acts as a **container** that leverages capacity for the work that is executed, and provides controls for who can access the items in it. For example, in a sales workspace, users associated with the sales organization can create a data warehouse, run notebooks, create semantic models, create reports, etc.

## Fabric items
**Fabric items:** are the building blocks of the Fabric platform. 
  - They're the objects that you create and manage in Fabric. There are different types of items, such as data warehouses, data pipelines, semantic models, reports, and dashboards.

# Understand the Fabric administrator role

## Describe admin tasks
- **Security and access control:** to ensure that only authorized users can access sensitive data.
  - Use **role-based access control (RBAC)** to define who can view and edit content, set up data gateways to securely connect to on-premises data sources, and 
  - Use **Microsoft Entra ID** to manage user access.
- **Data governance:** requires a solid understanding of data governance principles.
  - Know how to secure inbound and outbound connectivity in your tenant and how to monitor usage and performance metrics. 
  - Know how to apply data governance policies to ensure data within your tenant is only accessible to authorized users.
- **Customization and configuration:** could include: 
  - Configuring private links to secure your tenant
  - Defining data classification policies
  - Adjusting the look and feel of reports and dashboards
- **Monitoring and optimization:** could include:
  - Configuring monitoring and alerting settings
  - Optimizing query performance
  - Managing capacity and scaling
  - Troubleshooting data refresh and connectivity issues

## Describe admin tools

### Fabric admin portal
In Fabric's admin portal you can:
- Centrally manage, review, and apply settings for the entire tenant or by capacity.
- Manage users, admins and groups, access audit logs, and monitor usage and performance.

The Fabric on/off switch, located in tenant settings let's organizations that use Power BI opt into Fabric. Here, you can enable Fabric for your tenant or allow capacity admins to enable Fabric.

![Fabric admin portal](./images/02/admin-delegation.png)

### PowerShell cmdlets
Fabric provides a set of [PowerShell cmdlets](https://learn.microsoft.com/en-us/powershell/scripting/powershell-commands?view=powershell-7.4) that you can use to automate common administrative tasks. A PowerShell cmdlet is a simple command that can be executed in PowerShell.

### Admin APIs and SDKs
An admin API and SDK are tools that allow developers to **interact with a software system** programmatically.
- **An API (Application Programming Interface):** is a set of protocols and tools that **enable communication** between different software applications.
- **An SDK (Software Development Kit):** is a set of tools and libraries that helps developers **create software applications** that can interact with a specific system or platform.

### Admin monitoring workspace
- Fabric tenant admins will have access to the new admin monitoring workspace.
  - You can choose to share access to the workspace or specific items within it with other users in your organization. 
- The admin monitoring workspace includes the Feature Usage and Adoption semantic model and report, which together provide insights on the usage and performance of your Fabric environment. 
  - You can use this information to identify trends and patterns, and troubleshoot issues.

![Admin monitoring workspace](./images/02/admin-monitoring-report.png)

# Manage Fabric security

## Manage users: assign and manage licenses
**Licenses:** control the level of **access** and **functionality** that users have within the Fabric environment. 
- Administrators can ensure that licensed users have the **necessary access** to data and analytics to perform their roles effectively, while also **limiting access** to sensitive data and ensuring compliance with data protection laws and regulations.
- Managing licenses allows administrators to **monitor and control costs** by ensuring that licenses are allocated efficiently and only to users who need them.
- Having the appropriate procedures in place to assign and manage licenses helps to control access to data and analytics, ensure compliance with regulations, and optimize costs.

License management for Fabric is handled in the Microsoft 365 admin center. For more information about managing licenses, see [Assign licenses to users](https://learn.microsoft.com/en-us/microsoft-365/admin/manage/assign-licenses-to-users?view=o365-worldwide).

## Manage items and sharing
As an admin, you can manage how users interact with Fabric in terms of **sharing and distribution** of content.
- This includes managing how users share content with others, and how they distribute content to others. 
- You can also manage how users interact with items, such as data warehouses, data pipelines, semantic models, reports, and dashboards.

Items in workspaces are best distributed through a **workspace app** or the **workspace** directly. 
- Granting the least permissive rights is the first step is securing the data. 
  - Share the read only app for access to the reports or grant access to the workspaces for collaboration and development.

# Govern data in Fabric

## Endorse Fabric content
**Content endorsement:** helps to **establish trust** in your **data assets** by **`promoting`** and **`certifying`** specific Fabric items as trusted and approved for use across the organization. 
- All Fabric items can be endorsed **except dashboards**.
- Endorsed assets are identified with a **badge** that indicates they have been reviewed and approved.

Promoted Fabric content appears with a **`Promoted badge`** in the Fabric portal. 
- Workspace members with the **contributor** or **admin role** can promote content within a workspace.
- The Fabric admin can promote content across the organization.

![Endorse Fabric content](./images/02/content-endorsement.png)

**Content certification:** is a more formal process that involves a review of the content by a designated reviewer. 
- Certified Fabric content appears with a **`Certified badge`** in the Fabric portal. 
- The certification process is managed by you, the admin, and can be customized to meet the needs of your organization.

If you aren't an admin, you need to request item certification from an admin. You can do request certification by selecting the item in the Fabric portal, and then selecting **Request certification** from the **More** menu.

## Scan for sensitive data
**Metadata scanning:** facilitates governance of data by enabling cataloging and reporting on all the metadata of your organization's Fabric items. 
- The scanner API is a set of Admin REST APIs that allows you to scan Fabric items for **sensitive data**.
  - It is used to scan data warehouses, data pipelines, semantic models, reports, and dashboards for sensitive data. 
  - It is used to scan both structured and unstructured data.

<img src="https://files.training.databricks.com/images/icon_note_32.png" alt="Note"> Before metadata scanning can be run, it needs to be set up in your organization by an Admin. For more information, see the [Metadata scanning overview](https://learn.microsoft.com/en-us/fabric/governance/metadata-scanning-overview).

# Track data lineage
**Data lineage:** is the ability to track the flow of data through Fabric. 
- Data lineage allows you to see where data comes from, how it's transformed, and where it goes.