Microsoft Fabric introduced a new concept called Domains. Domains are more than just a separation of Fabric data items. They come with a whole lot of security, administration, and governance features, which brings the concept of data mesh into the world of data analytics using Microsoft Fabric. Domains are logical categorizations inside the OneLake. In this article and video, I will explain what domains are in Microsoft Fabric, why they are important, and their associated features and configurations.
Microsoft Fabric is an end-to-end Data Analytics software-as-a-service offering from Microsoft. Microsoft Fabric combined some products and services to cover an end-to-end and easy-to-use platform for data analytics. Here are the components (also called workloads) of Microsoft Fabric.
To learn more about Microsoft Fabric and enable it in your organization, I recommend reading the articles below;
Data Mesh: What and Why?
Organizations these days have data everywhere and in every business unit. People in the organization deal with the data items in their day-to-day jobs. Making the data accessible to the people in the organization can have different types of approaches, also called architectures. One of the common architectures these days is Data Mesh.
Data Mesh is working on the concept of decentralizing data into business domains. For example, marketing, sales, etc. Having multiple business domains or categorizations for the data helps set up ownership, access rights, governance, and self-service.
In the concept of Data Mesh, the data entities might be categorized into business domains like the below;
In the Data Mesh architecture, you can have databases, data warehouses, data marts, etc., under each node (also called a domain). However, because different business departments are interconnected, their data should also be interconnected. That is why you see the lines between the domains.
Fabric Domains: Data Mesh in Fabric
Microsoft also provided data mesh capabilities in the Fabric as an end-to-end data analytics solution. Workspaces previously provided this ability inside the Power BI Service. However, the concept of Domain is more than just a workspace. What if you want to categorize items inside a domain? Inside a workspace, you cannot create another workspace. What if you want an owner for the whole domain plus an owner for each workspace under the domain? Other limitations in the workspace caused the creation of the Domains in Fabric.
Domains are logical groups inside Fabric for items related together for a particular business group. For example, you can have a Domain for Sales and another for Marketing. Domains are logical groups because they all use the OneLake (and under that ADLS Gen2) storage engine underneath. The entities inside domains can split into further categories using Workspaces. Inside workspaces, you can have Fabric items (such as Lakehouse, Warehouse, Dataset, Dataflow, Datamart, etc.)
The diagram below shows how Domains and Workspaces work together;
Shortcuts and OneCopy
Although Shortcuts and OneCopy require a separate article (coming soon), it is important to mention them here briefly. When you have data items in different domains, one of the main challenges would be accessing a domain’s entities from another domain inside the same tenant. OneLake has this wonderful feature of OneCopy using Shortcuts, which allows the items of one Domain to be useable inside other domains without needing to move or duplicate the entity.
Shortcut items will be like links inside the Fabric Data items and work seamlessly like an internal item. For example, you can have a Lakehouse with one internal table and one external table using a shortcut from a table in a Lakehouse from another domain, and then, using SQL commands, you can query data from both tables.
Role Distribution Across Tenant, Domain, and Workspace
As the Tenant, Domains, and Workspaces structure is hierarchical, the access roles are distributed well for it. You can have different levels of administrators and contributors in this structure. Here are some of these roles;
- Fabric Tenant Administrator (Similar to Power BI Administrator)
- Domain Administrator
- Domain Contributor
- Workspace Administrator
- Workspace Member, Contributor, and Viewer
I have previously explained the Workspace roles and how the role controls the creation or sharing of Fabric items. Let’s talk about the Domain roles here, then;
These are workspace administrators who are authorized to assign their workspaces to Domains.
Domain admins have full access to the Domain page; they can set up the Domain image, configure the details of it, or add or remove Domain contributors. They cannot delete the Domain or other Domain Administrators, though. Ideally, Domain admins are the business data owners of that domain.
Fabric Admin can create, edit, and delete Domains, Add Domain Admins and Contributors to it, and set the configurations of the domains.
Domains in Action
Now that you know what the Domains are, what they do, and how helpful they are, let’s see them in action and how they work.
Creating and Configuring Domains
To create the domains in the first place, you need to be Fabric Admin and go to the Admin Portal;
The Admin Portal has a section for Domains where you can create a new domain.
There are a few settings needed for each Domain. These start with the Domain Name and description;
The Domain image will be helpful to easily distinguish the Domain when you filter it in the OneLake Data Hub or on the Domain page itself.
The screenshot below illustrates that Domain Admins and Domain Contributors can be assigned easily on the configuration page.
You can also assign workspaces to the Domain or unassign them. Workspaces can be assigned by their names individually or all workspaces from a specific admin or under a specific capacity.
You can also change some of the settings at the Domain level and overwrite the changes from the Tenant level. At the time of writing this article, the only settings available are the endorsement and certification. However, I am sure more settings will come here in the near future.
Once the Domain is created and configured, it will be visible in a few places like the one below.
Seeing and Setting Domains from the Workspace
If the workspace is assigned to a Domain, you can see a small link icon beside it showing which Domain this is assigned to.
You can also change the assigned Domain (if you have enough privilege to do so) under the Workspace settings.
OneLake data hub
Another place where the Domain selection will be possible and helpful is under the OneLake data hub. You can filter items and see the Domain image there, too.
Designing Domains and Workspaces
Domains are different from the Workspace, as you learned in this article. Workspaces will be used to categorize the Fabric items inside the Domains. With that, you may ask: How should I design Domains and Workspaces now? The Workspace design itself was a journey itself. Now, combining it with Domains might make it even more challenging.
An easy way to see it is Domains representing business data units. If there is a need for a part of the business to own its data entities and processes around it, then it makes sense to create a Domain for it. And under the Domain, you can design workspaces based on the access level of data analysts and developers to the Fabric items. This is very generic advice, Of course. The actual design of Domains and Workspaces would require a separate article. I have previously written about some best practice designs for Workspaces; I will write another article about combining that with Domains, so stay tuned.
These days, businesses have data everywhere. A standard architecture that helps is a decentralized, business-domain based Data Mesh. In Data Mesh architecture, Fabric items can be separated into Domains. Each Domain can have some configurations and access levels. Under each Domain, there will be Workspaces where the Fabric items will be created and maintained.
Domains make the Data Mesh architecture possible inside the Microsoft Fabric. They can be interconnected using OneLake features such as OneCopy and Shortcuts so that the users of other Domain entities (if they have enough privilege) can use the entities from other Domains inside their entities seamlessly.
An important thing to consider is that Domains are just logical groupings in the OneLake. OneLake provides a single lake for the organization through a logical layer on top of the Azure Data Lake Gen2. So, all the data is underneath stored in ADLS Gen2.