I am trying to give a service principal SELECT access on my Azure Synapse SQL data.
CREATE USER [MY_SERVICE_PRINCIPAL] FROM EXTERNAL PROVIDER WITH DEFAFULT_SCHEMA=[dbo]
GO
GRANT SELECT ON DATABASE :: MyDB TO [MY_SERVICE_PRINCIPAL];
This works fine, but it requires me logging into the workspace to do this for every single new service principal. Is it possible to automate this? I automate the creation of the service principal via Azure CLI. Is it possible to run this script from a
3
Answers
The best solution I found was to add a whole Azure AD group as a user on the database manually, then for each new user I'm creating, I automate their addition to the group with some basic Azure CLI commands on a DevOps pipeline rather than try with a SQL Script that adds them individually.
CREATE AUTOMATION ACCOUNT
Select Automation Account, and in another screen. Click on Create and fill in the required attributes.
After this import, follow the same process to import Az.Synapse, another required module for this automation task.
4. After clicking on Create a Runbook, an editor will be opened, paste the following code, save the Runbook, and publish it.
After publishing, click on the start button and enter Synapse Analytics values, and a job will be created.
there are various options on the job page like its Status, Errors, Exceptions, etc. After completing the job, the Synapse will Resume/Pause through this Runbook.
Now add a schedule for Runbook to completely Automate the process on schedule. On the Runbook page, click on the link to Schedule button in the ribbon and add Schedule and Configure the required parameters.
As for azure cli, see az synapse and for powershell, see Az.Synapse.