![InSpark
Serverless SQL pool:
Dedicated SQL pool:
SQL Pools
SQL
Dedicated
Serverless
use master
go
CREATE LOGIN [erwin.de.kreuk@demo.com] FROM EXTERNAL PROVIDER;
go
use yourdb -- Use your database name
go
CREATE USER demouser FROM LOGIN [erwin.de.kreuk@demo.com];
use yourdb -- Use your database name
go
alter role db_owner Add member demouser
--Create user in the database
CREATE USER [erwin.dekreuk@gmail.com] FROM EXTERNAL PROVIDER;
--Grant role to the user in the database
EXEC sp_addrolemember 'db_owner', 'erwin.dekreuk@gmail.com';](https://image.slidesharecdn.com/dealingwithdifferentsynapseroleserwindekreuk-220129124436/85/Dealing-with-different-Synapse-Roles-in-Azure-Synapse-Analytics-Erwin-de-Kreuk-28-320.jpg)
Dealing with different Synapse Roles in Azure Synapse Analytics Erwin de Kreuk
- 1. InSpark Erwin de Kreuk Dealing with different Roles in Azure Synapse Analytics
- 2. InSpark We help organizations accelerating their digital transformation with impactful Microsoft solutions & expertise We Are InSpark
- 3. InSpark Roles in Azure Synapse Analytics
- 4. InSpark Access Control Azure Roles Synapse Roles SQL Roles Git Permissions Azure Synape
- 5. InSpark Azure Synapse Studio Integration Management Monitoring Security Analytics runtimes Azure Data Lake Storage Azure Synapse Analytics Resource Group Development Resource Group Production Integration runtimes Integration runtimes Workspace Workspace Item Apache Spark Pool Integration Runtime Linked Services Credentials Data Engineers Data Scientists Azure Synapse Studio Integration Management Monitoring Security Analytics runtimes Azure Data Lake Storage Azure Synapse Analytics Integration runtimes Workspace Workspace Item Apache Spark Pool Integration Runtime Linked Services Credentials
- 6. InSpark Azure Synapse Studio Integration Management Monitoring Security Analytics runtimes Azure Data Lake Storage Azure Synapse Analytics Resource Group Development Integration runtimes Workspace Workspace Item Apache Spark Pool Integration Runtime Linked Services Credentials
- 7. InSpark Azure Synapse Analytics Resource Group Development Azure Owner or Contributor Resource Group Create Synapse Workspace Manage Synapse Workspace Synapse Resource Manage Synapse Workspace Azure Contributor Resource Group ARM templates for automated deployment Resource Management Azure Roles
- 8. InSpark Azure Synapse Analytics Resource Group Development Azure Storage Blob Data Contributor User and workspace MSI Reader Resource Group or Synapse Workspace Access Management Azure Roles Azure Data Lake Storage
- 9. InSpark Synapse Administrator Administrators Synapse Apache Spark Administrator Synapse SQL Administrator Synapse Data Explorer Administrator???? Synapse Linked Data Manager Synapse Credential User Synapse Contributor Synapse Roles
- 10. InSpark Azure Synapse Analytics Resource Group Development Roles: Synapse Administrator Synapse SQL Administrator Synapse Apache Spark Administrator SQL Active Directory Admin Administrators Synapse Roles Azure Data Lake Storage Analytics runtimes Integration runtimes
- 11. InSpark Activities: Can read and write artifacts Can do all actions on Spark activities. Can view Spark pool logs Can view saved notebook and pipeline output Can use the secrets stored by linked services or credentials Can assign and revoke Synapse RBAC roles at current scope Synapse Administrator Synapse Roles
- 12. InSpark Activities: Can do all actions on Spark artifacts Can do all actions on Spark activities Synapse Apache Spark Administrator Synapse Roles
- 13. InSpark Activities: Can do all actions on SQL scripts Can connect to SQL serverless endpoints with SQL db_datareader, db_datawriter, connect, and grant permissions Synapse SQL Administrator Synapse Roles
- 15. InSpark Roles: Synapse Contributor Synapse Artifact Publisher Synapse Artifact User Synapse Compute Operator Synapse Credential User Synapse Linked Data Manager Synapse User Workspace Synapse Roles Integration runtimes Azure Synapse Studio Integration Management Monitoring Security Analytics runtimes Azure Data Lake Storage Azure Synapse Analytics Resource Group Development Integration runtimes Workspace
- 18. InSpark Item: Linked Service Apache Spark Pool Integration Runtime Credentials Workspace Item Synapse Roles Azure Synapse Studio Integration Management Monitoring Security Analytics runtimes Azure Data Lake Storage Azure Synapse Analytics Resource Group Development Integration runtimes Workspace Workspace Item Apache Spark Pool Integration Runtime Linked Services Credentials
- 19. InSpark Role assignment on Workspace or Workspace Item Needs to be Synapse Administrator Can also be a guest user No Synapse Administrator Contributor or Owner on the Workspace Advice! => create role assignments based on Security Groups Changes in assignments will take up 2-5 minutes Changes in SG can take 10-15 minutes Role Assignment Synapse Roles
- 20. InSpark No access message in Azure Portal https://web.azuresynapse.net Tips and Tricks Synapse Roles
- 21. InSpark No access message in Azure Portal https://web.azuresynapse Power BI Access is defined on Power BI workspace level Tips and Tricks Synapse Roles
- 22. InSpark No access message in Azure Portal https://web.azuresynapse Power BI Access is defined on Power BI workspace level Publish Error Tips and Tricks Synapse Roles
- 23. InSpark Administrator Contributor Artifact Publisher Apache Spark Administrator SQL Administrator Artifact User Compute Operator Credential User Linked Data Manager User workspaces/read workspaces/roleAssignments/write, delete workspaces/managedPrivateEndpoint/write, delete workspaces/bigDataPools/useCompute/action workspaces/bigDataPools/viewLogs/action workspaces/integrationRuntimes/useCompute/action workspaces/integrationRuntimes/viewLogs/action workspaces/artifacts/read workspaces/notebooks/write, delete workspaces/sparkJobDefinitions/write, delete workspaces/sqlScripts/write, delete workspaces/kqlScripts/write, delete workspaces/dataFlows/write, delete workspaces/pipelines/write, delete workspaces/triggers/write, delete workspaces/datasets/write, delete workspaces/libraries/write, delete workspaces/linkedServices/write, delete workspaces/credentials/write, delete workspaces/notebooks/viewOutputs/action workspaces/pipelines/viewOutputs/action workspaces/linkedServices/useSecret/action workspaces/credentials/useSecret/action Role actions Synapse Roles
- 24. InSpark Demo
- 25. InSpark SQL
- 26. InSpark Synapse Administrator: db_owner (DBO) permissions on the ‘Built-In’ serverless SQL pool Synapse SQL Administrator: Can do all actions on SQL scripts Can connect to SQL serverless endpoints with SQL db_datareader, db_datawriter, connect, and grant permissions Serverless SQL Pool SQL Serverless
- 27. InSpark Synapse Administrator: Full access to data in dedicated SQL pools Grant access to other users Perform configuration and maintenance activities Can't drop dedicated SQL pools Synapse SQL Administrator: No access by default Active Directory Admin: Full access Dedicated SQL Pool SQL Dedicated
- 28. InSpark Serverless SQL pool: Dedicated SQL pool: SQL Pools SQL Dedicated Serverless use master go CREATE LOGIN [erwin.de.kreuk@demo.com] FROM EXTERNAL PROVIDER; go use yourdb -- Use your database name go CREATE USER demouser FROM LOGIN [erwin.de.kreuk@demo.com]; use yourdb -- Use your database name go alter role db_owner Add member demouser --Create user in the database CREATE USER [erwin.dekreuk@gmail.com] FROM EXTERNAL PROVIDER; --Grant role to the user in the database EXEC sp_addrolemember 'db_owner', 'erwin.dekreuk@gmail.com';
- 29. InSpark Demo
- 30. InSpark Azure Dev Ops: Basic user settings Azure Artifact Publisher Azure Contributor (Azure RBAC) or higher role on the Synapse workspace Dev Ops Service Connection: Azure Contributor (Azure RBAC) or higher role on the Resource Group Azure Synapse Administrator Azure Dev Ops GIT Integration
- 31. InSpark Azure Synapse Studio Integration Management Monitoring Security Analytics runtimes Azure Data Lake Storage Azure Synapse Analytics Azure Synapse Studio Integration Management Monitoring Security Azure Data Lake Storage Azure Synapse Analytics Resource Group Development Resource Group Production Integration runtimes Analytics runtimes Integration runtimes Workspace Workspace Item Apache Spark Pool Integration Runtime Linked Services Credentials Workspace Item Apache Spark Pool Integration Runtime Linked Services Credentials Workspace Data Engineers Data Scientists
- 32. InSpark Data Engineers Needs to access SQL Serverless Publish or edit Code Debug pipelines Data Scientist: Needs to access SQL Serverless Needs access to a specified Spark Pool Publish or edit Code Submit Spark Jobs Security Groups Azure Synapse Studio Integration Management Monitoring Security Analytics runtimes Azure Data Lake Storage Azure Synapse Analytics Resource Group Development Integration runtimes Workspace Workspace Item Apache Spark Pool Integration Runtime Linked Services Credentials Data Engineers Data Scientists
- 33. InSpark Demo
- 34. InSpark Acces to Azure Synapse Studio Create SQL Pools/Spark Pools /Data Explorer Pools Execute Notebooks View and edit code Artifacts Debug or Trigger Pipelines Monitor Publish Code Recap Azure Synapse Azure Synapse Studio Integration Management Monitoring Security Analytics runtimes Azure Data Lake Storage Azure Synapse Analytics Resource Group Development Integration runtimes Workspace Workspace Item Apache Spark Pool Integration Runtime Linked Services Credentials Data Engineers Data Scientists
- 35. InSpark @erwindekreuk https://www.linkedin.com/in/erwindekreuk/ https://erwindekreuk.com Slides will be available on my blog
- 36. InSpark