Service principal and private library support for Fabric User data functions

• Announcements
• Data Engineering
• Microsoft Fabric

• April 28, 2025 by Sunitha Muthukrishna 4,357 Views

Fabric user data functions let’s you create and run custom functions tailored specifically to your organization’s needs. These functions make it easy to facilitate data modernization across your organization.  I am excited to announce two new features for User data functions:  

New features:

1. Authenticate with Service principal names (SPN): This will allow you to securely invoke a function with SPN from an external application. By using service principals, you can connect to your data sources securely while minimizing the risks of human error and identity-based vulnerabilities. To learn more about service principals, see Application and service principal objects in Microsoft Entra ID. 

2. Upload private libraries: This will allow you to bring your own private libraries built for your organization business needs. Using private libraries, you can now define functions that are internal to your organization and streamline your business processes.  

Using service principal names (SPN) with user data functions

Service Principal Names (SPN) offer a way to achieve  the balance of security and convenience by allowing a service-level identity to run your functions. Using SPN with User data functions can enable enterprises to create efficient, automated, and secure solutions tailored to their needs.  

How do I set up SPN for user data functions?

If you are planning on using Service Principal or Managed Identity, follow these steps.

1. Create a service principal, assign roles, and create secret using Azure.
2. Ensure the tenant admin can enable Service principals can use Fabric APIs in Fabric Admin portal.

Select Manage access add SPN to give access to the workspace. You can also update the access permissions on the artifact level. Note that a user with Administrator workspace role can only grant access for an SPN.

Upload private libraries

You can now upload a private .whl file represents a private library to a user data functions item. These private libraries are code created by you or your organization. Data engineering can be challenging, especially with data quality and complex analytics. Private libraries help streamline work and enable proprietary code use within a team securely. Fabric User data functions now allow custom library uploads in .whl format, containing scripts or modules for internal business logic. This can improve developer productivity and automate business processes.  To learn more, refer to How to manage public and private libraries.

Limitations of private libraries

• The .whl file size must be less than 30MB.
• The .whl file must be OS agnostic. If the file is specific to an operating system for example numpy-2.2.2-cp311-cp311-linux_armv6l.whl, it will fail to upload.

Conclusion

To sum up, using Service Principal and Managed Identity, along with private libraries for Fabric user data functions, makes working with data much easier and more secure. These features let developers customize pipelines and use their own code to solve problems, boosting productivity in teams.