# Policy Weaver
## Overview
Microsoft Fabric introduced mirroring as a managed, friction-free way of synchronizing data from a diverse set of data & analytic platforms to Fabric via OneLake.
While mirroring provides all the capabilities required to keep data in sync, data access policies defined by the source system are out-of-scope and must be handled manually.
Manually handling of these data access policies presents a challenge for ensuring consistent security across the data estate while reducing risks or vulnerabilities associated with out-of-sync security policies.
The Policy Weaver project addresses this by automating the synchronzation of data access policies from source to Fabric in a transparent and auditable mmaner.
Designed as a pluggable framework, Policy Weaver provides connectors that handle the export of access policies from a configured source before applying them to the mirror data within Fabric.
Policy Weaver will initially supports the following sources:
- [Databricks Unity Catalog]()
- BigQuery
- Snowflake
<mark><b>Note:</b>Policy Weaver is limited to read-only policies. Support for row filter and column-masking policies will be added in a future version.</mark>
This project is made available as a Python library and can be run from anywhere with a Python runtime.
For more information on getting started, please see the [Getting Started]() documentation.
## OneLake Data Access Roles Overview
Policy Weaver uses OneLake Data Access Roles to coalesce source system security policies into access policies that apply uniformly across the Fabric platform. With Data Access Roles, security policies are defined as role-based access controls (RBAC) on the data stored in OneLake.
When data is accessed from anywhere within Fabric, the defined RBAC policies are enforced. This means that data whether is accessed from a Notebook, SQL Endpoint or Semantic model the security policies defined by the source system are enforced consistently as expected.
For more details on OneLake Data Access policies, please see official Microsoft documentation: [OneLake Security Overview](https://learn.microsoft.com/en-us/fabric/onelake/security/get-started-security)
## Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
## Trademarks
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft
trademarks or logos is subject to and must follow
[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
Any use of third-party trademarks or logos are subject to those third-party's policies.
Raw data
{
"_id": null,
"home_page": null,
"name": "policy-weaver",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.11.8",
"maintainer_email": null,
"keywords": "Fabric, Fabric Access Policy, Databricks, BigQuery, Snowflake",
"author": null,
"author_email": "Tonio Lora <tonio.lora@microsoft.com>, Christopher Price <chriprice@microsoft.com>",
"download_url": "https://files.pythonhosted.org/packages/75/1a/21eaa79d35aeb99fd76bb92326271873ffca1066910916352640a5addc78/policy_weaver-0.1.1.tar.gz",
"platform": null,
"description": "# Policy Weaver \n\n## Overview\n\nMicrosoft Fabric introduced mirroring as a managed, friction-free way of synchronizing data from a diverse set of data & analytic platforms to Fabric via OneLake. \n\nWhile mirroring provides all the capabilities required to keep data in sync, data access policies defined by the source system are out-of-scope and must be handled manually. \n\nManually handling of these data access policies presents a challenge for ensuring consistent security across the data estate while reducing risks or vulnerabilities associated with out-of-sync security policies.\n\nThe Policy Weaver project addresses this by automating the synchronzation of data access policies from source to Fabric in a transparent and auditable mmaner.\n\nDesigned as a pluggable framework, Policy Weaver provides connectors that handle the export of access policies from a configured source before applying them to the mirror data within Fabric.\n\nPolicy Weaver will initially supports the following sources:\n- [Databricks Unity Catalog]()\n- BigQuery\n- Snowflake\n\n<mark><b>Note:</b>Policy Weaver is limited to read-only policies. Support for row filter and column-masking policies will be added in a future version.</mark>\n\nThis project is made available as a Python library and can be run from anywhere with a Python runtime. \n\nFor more information on getting started, please see the [Getting Started]() documentation. \n\n## OneLake Data Access Roles Overview\n\nPolicy Weaver uses OneLake Data Access Roles to coalesce source system security policies into access policies that apply uniformly across the Fabric platform. With Data Access Roles, security policies are defined as role-based access controls (RBAC) on the data stored in OneLake.\n\nWhen data is accessed from anywhere within Fabric, the defined RBAC policies are enforced. This means that data whether is accessed from a Notebook, SQL Endpoint or Semantic model the security policies defined by the source system are enforced consistently as expected.\n\nFor more details on OneLake Data Access policies, please see official Microsoft documentation: [OneLake Security Overview](https://learn.microsoft.com/en-us/fabric/onelake/security/get-started-security) \n\n## Contributing\n\nThis project welcomes contributions and suggestions. Most contributions require you to agree to a\nContributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us\nthe rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.\n\nWhen you submit a pull request, a CLA bot will automatically determine whether you need to provide\na CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions\nprovided by the bot. You will only need to do this once across all repos using our CLA.\n\nThis project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).\nFor more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or\ncontact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.\n\n## Trademarks\n\nThis project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft \ntrademarks or logos is subject to and must follow \n[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).\nUse of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.\nAny use of third-party trademarks or logos are subject to those third-party's policies.\n",
"bugtrack_url": null,
"license": "MIT License",
"summary": "Policy Weaver for Microsoft Fabric",
"version": "0.1.1",
"project_urls": {
"Documentation": "https://github.com/microsoft/Policy-Weaver/blob/main/docs/PolicyWeaver.md",
"Homepage": "https://github.com/microsoft/Policy-Weaver",
"Issues": "https://github.com/microsoft/Policy-Weaver/issues",
"Repository": "https://github.com/microsoft/Policy-Weaver.git"
},
"split_keywords": [
"fabric",
" fabric access policy",
" databricks",
" bigquery",
" snowflake"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "9edc2c5347d4f69f29105328bc289acd669aa5e4035be3de4d5a9fdd1b086c49",
"md5": "6877fa9779595a50117276e114c8104b",
"sha256": "da92af08d475569fc534b2d55538d5347479cd6b4823e5ea843c35009c34bcb8"
},
"downloads": -1,
"filename": "policy_weaver-0.1.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "6877fa9779595a50117276e114c8104b",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.11.8",
"size": 15280,
"upload_time": "2025-01-15T20:20:03",
"upload_time_iso_8601": "2025-01-15T20:20:03.785390Z",
"url": "https://files.pythonhosted.org/packages/9e/dc/2c5347d4f69f29105328bc289acd669aa5e4035be3de4d5a9fdd1b086c49/policy_weaver-0.1.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "751a21eaa79d35aeb99fd76bb92326271873ffca1066910916352640a5addc78",
"md5": "0dbd1920a6503ddcacae23b375115818",
"sha256": "a79049dedc187b714cc433a7a3e29b0133f90331045146e62758feb366ef68f6"
},
"downloads": -1,
"filename": "policy_weaver-0.1.1.tar.gz",
"has_sig": false,
"md5_digest": "0dbd1920a6503ddcacae23b375115818",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.11.8",
"size": 13093,
"upload_time": "2025-01-15T20:20:04",
"upload_time_iso_8601": "2025-01-15T20:20:04.822918Z",
"url": "https://files.pythonhosted.org/packages/75/1a/21eaa79d35aeb99fd76bb92326271873ffca1066910916352640a5addc78/policy_weaver-0.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-01-15 20:20:04",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "microsoft",
"github_project": "Policy-Weaver",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "policy-weaver"
}
JSON
