DP-700 Exam QuestionsBrowse all questions from this exam
Go to Exam

DP-700 Exam - Question 9

You have a Fabric workspace named Workspace1 that contains a lakehouse named Lakehouse1. Lakehouse1 contains the following tables:

Orders -

Customer -

Employee -

The Employee table contains Personally Identifiable Information (PII).

A data engineer is building a workflow that requires writing data to the Customer table, however, the user does NOT have the elevated permissions required to view the contents of the Employee table.

You need to ensure that the data engineer can write data to the Customer table without reading data from the Employee table.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Show Answer
Correct Answer:

Discussion

11 comments
Sign in to comment
fassilOptions: DEF
Feb 27, 2025

Assign the data engineer the Contributor role for Workspace1 ( D) - This will provide the necessary permissions to write to the Customer table. Migrate the Employee table from Lakehouse1 to Lakehouse2 (E) - This will isolate the table with PII in a different lakehouse. Create a new workspace named Workspace2 that contains a new lakehouse named Lakehouse2 (Option F) - This is necessary to separate the Employee table into a different workspace to restrict access.

IshtarSQLOptions: DEF
Dec 7, 2024

Why A is incorrect: A. Share Lakehouse1 with the data engineer. Sharing Lakehouse1 directly grants access to all its contents, including the Employee table, which violates the requirement.

robertlavigneOptions: DEF
Jan 23, 2025

First we need to do F and E to separate the Employee table from the other tables. Then they need contributor access to be able to write to the Customer table which is in Workspace1 A is incorrect as sharing only gives read access. https://learn.microsoft.com/en-us/fabric/data-engineering/lakehouse-sharing B is incorrect as Workspace2 has the Employee table which the data engineer shouldn’t access. C is incorrect as viewer won’t allow them to write and the Customer table isn’t even in that workspace E is incorrect as viewer won’t allow them to write

Tuki93Options: DEF
Dec 8, 2024

I think D, E, and F are the working solution.

alirana3Options: DEF
Apr 19, 2025

The three correct actions to take are: E. Migrate the Employee table from Lakehouse1 to Lakehouse2 — This isolates sensitive data (Employee table) from the data engineer’s access. D. Assign the data engineer the Contributor role for Workspace1 — This allows the data engineer to write to the Customer table in Lakehouse1. F. Create a new workspace named Workspace2 that contains a new lakehouse named Lakehouse2 — This action is a result of migrating the Employee table to Lakehouse2 in a separate workspace (Workspace2) to ensure restricted access to sensitive data (PII). Why Option A is Incorrect: A. Share Lakehouse1 with the data engineer: Sharing only gives read access to the lakehouse, which is not sufficient for the data engineer to write data to the Customer table in Lakehouse1. They need write permissions to modify the table, so Contributor role for Workspace1 is the correct option.

i_have_a_nameOptions: AEF
Jan 17, 2025

If we are migrating the Employee table to Lakehouse 2 in the workspace 2 , what is wrong in sharing the Lakehouse 1 with the data engineer ? My answer would be A, E, F

prabhjot
Feb 6, 2025

but then you ultimately would have to give the data engineer a contributor access to workspace 1 for him to work on the lakehouse as far as i think.

dcprice
Feb 10, 2025

Currently uou can't give write access via Lakehouse sharing. https://learn.microsoft.com/en-us/fabric/data-engineering/lakehouse-sharing. So it is DEF

MultiCloudIronManOptions: DEF
Feb 15, 2025

So, in this case, your answer DEF makes sense as it covers the necessary steps: Create a new workspace and lakehouse (Workspace2 and Lakehouse2). Migrate the Employee table to the new lakehouse. Assign the data engineer the Contributor role in the original workspace.

henryphchanOptions: DEF
Feb 17, 2025

The steps are F, E, D

ChenFuOptions: CEF
Feb 21, 2025

C. Assign the Viewer role for Workspace2: This ensures the data engineer can see the structure and metadata of the workspace without accessing sensitive Employee table data. They can still write to the Customer table without elevated permissions. E. Migrate the Employee table from Lakehouse1 to Lakehouse2: This separates Personally Identifiable Information (PII) from the original lakehouse, ensuring the data engineer does not have access to sensitive data while working with non-PII data. F. Create Workspace2 with Lakehouse2: This creates an isolated environment specifically for sensitive data like the Employee table. It ensures workspace-level access control and adheres to privacy and security best practices.

EtenselOptions: ADE
Mar 21, 2025

belive me..

AbhirupAz900Options: ADE
Apr 17, 2025

Since only 3 answers needed to be selected ADE