RBAC or role-based security is a mechanism to restrict system access Access control systems can be: Physical: access is limited to buildings, rooms or servers Logical: Digital access to data, files or networks is controlled In Discretionary Access Control (DAC), the owner of a protected system or resource sets policies to define who can access it Mandatory Access Control (MAC) involves assigning classifications to system resources and the security kernel or operating system Access Control List ( ACL) is an alternative to RBAC. ACL is a table listing the permissions attached to computing resources Attribute-Based Access Control ( ABAC) evaluates a set of rules and policies to manage access rights according to specific attributes

- Use encryption at multiple levels - Use fine grained-permissions (RBAC) - Network security and segmentations - Data classification, labeling, and data masking (role based, dynamic, documents, etc.) - Implement auditing and access monitoring - Threat detection - Leverage AI where possible: anomaly detection, threat detection, risk assessments, data classification and masking, automated compliance, etc. - Implement governance and compliance frameworks - Secure APIs that interact with the DW - DRPs in place and test them regularly - Performance governance and DW health monitoring - Use different storage strategies for improved performance

1) Have a proper RBAC design ( this won't affect performance ) 2) Encrypt data. On SQL Server switching TDE on should not affect performance. In Fabric data at rest is encrypted by default. 3) Network security - plan your network architecture and the paths that data will move on. For Fabric , if you use Private Endpoints your data between your Azure data stores and Fabric travel securely on private connections not Public Internet. 4) Data Masking - implement for sensitive data 5) Periodically test your security architecture

Data Masking: Implement dynamic data masking to hide sensitive data for non-privileged users without duplicating data. Activity Monitoring: we can use auditing features to log and monitor access to data. Like, Azure Synapse provides built-in auditing. Caching: we can use in-memory caching layers like Azure Synapse’s Materialized Views or Databricks Delta Cache for secure, fast access. Query Optimisation:Here we can design efficient queries and partition data for faster access.