Our website use cookies to improve and personalize your experience. Our website may also include cookies from third parties like Google Adsense, Google Analytics & Youtube. By using the website, you consent to the use of cookies. We have updated our Privacy Policy. Please click on the button to check our Privacy Policy.

Ok, I Agree Privacy Policy

Case Study: Microsoft Fabric

Securing the Data Platform – Bunn’s Early Adoption of Microsoft Fabric

Summary

Business Challenge

Bunn needed a scalable way to secure sensitive business data within Microsoft Fabric while reducing the complexity and manual upkeep of role-based permissions.

Solution

Oakwood implemented row-level security (RLS) policies in Fabric, automating access controls across datasets and streamlining governance.

Benefits

The approach simplified security management, ensured consistent protection of sensitive data, and accelerated Fabric adoption by giving business users confidence in the platform.

Overview

Bunn-O-Matic Corporation, headquartered in Springfield, IL, is a global leader in dispensed beverage equipment. Known initially for its coffee solutions, Bunn has since expanded into espresso machines, tea brewers, juice dispensers, granita machines, filtered water systems, and other specialty beverage products. With five generations of family leadership, Bunn is recognized for delivering reliable equipment and exceptional post-purchase support.

The goal of this engagement was to transition Bunn’s data platform to Microsoft Fabric while establishing a secure and scalable data governance framework. Leveraging a modern data architecture, including a Data Lake and the Medallion pattern, Oakwood aimed to automate extract, load, and transform (ELT) processes to improve performance and stability. The Fabric-based solution provides high-quality, trusted data to the Business Intelligence team through the Gold layer in the data warehouse for reporting and analytics.

Business Challenge

A critical component of the security implementation was establishing row-level security within the data warehouse. As a maturing software as a service offering, Fabric adoption is increasing, but the extent of its capability is not well known. So much of what is done is innovative for early adopters. Our team needed a solution that could meet the client’s need, while recognizing that there are simply few industry or published resources available to guide development.

Row level security simplifies security design and coding in applications while enabling effective restrictions on data row access across the organization. The existing platform featured complex row-level security with custom rules tied to role-based access protocols, which were manually managed and increasingly cumbersome as rule requirements changed frequently. In short, our client needed a complex way to ensure that personnel could see only the data that they were allowed to see, but that it was customized to meet the established complex business rules.

A core challenge was designing row-level security (RLS) within Microsoft Fabric’s evolving ecosystem. As an early adopter of Fabric, Bunn faced the complexity of implementing enterprise-grade security with limited documentation or community examples available.

Bunn’s existing platform featured intricate, manually managed RLS logic tied to role-based access controls. This system had become difficult to maintain as rules evolved and user roles changed frequently. The need was clear: implement a sophisticated, dynamic RLS model that aligned with Bunn’s business rules—ensuring every user could access only the data they were authorized to see, with minimal administrative overhead.

Solution

Oakwood designed a scalable and fully automated RLS framework in the data consumption layer of Microsoft Fabric. Key components included:

  • Access Rule Tables – Centralized tables that define access rules by role across data tables.
  • Dynamic Rule Evaluation – Security functions dynamically read and apply rules, attaching appropriate policies to each dataset.
  • Sequential, Short-Circuiting Logic – Predicate conditions are evaluated in sequence, applying the first rule that matches and stopping further evaluation—ensuring efficient and accurate data access control.

The implementation leveraged native capabilities of Microsoft Fabric while introducing custom logic tailored to Bunn’s unique business requirements. Additional engineering considerations included:

  • Metadata Verification
  • Comprehensive Error Handling
  • Automated Alerting Mechanisms

These components were integrated into a secure, performant stored procedure to manage rule enforcement automatically.

Conclusion

The automated RLS solution has been fully deployed and tested, allowing Bunn to implement granular, policy-based data access controls with significantly reduced manual effort. The pipeline-driven framework allows security policies to trigger dynamically based on upstream process events—making the system responsive, scalable, and easier to maintain.

This engagement reflects Oakwood’s commitment to innovation and client success, delivering one of the first enterprise-grade row-level security implementations in Microsoft Fabric.

If you have any questions about your next technology initiative, please leave a note below for our Team.