Spark Table to Serverless Pool Metadata Sync

Published Feb 13 2021 04:17 PM 2,576 Views
Microsoft

Synapse provides an exciting feature which allows you to sync Spark database objects to Serverless pools and to query these objects without the Spark pool being active or running.  Synapse workspaces are accessed exclusively through an Azure AD Account and objects are created within this context in the Spark pool. In some scenarios I would like to share the data which I've created in my Spark database with other users for reporting or analysis purposes. This is possible with Serverless and in this article I will show you how to complete the required steps from creation of the object to successful execution. 

 

In an attempt to reproduce a real-world scenario where one Domain user creates a database in a Spark Pool with objects which are synced to the Serverless Pool, I made use of an admin user and a Test user.

 

I started by creating a database and a table with Parquet storage format in a Spark pool notebook, as per the example found here: Shared metadata tables - Azure Synapse Analytics | Microsoft Docs

(Only Parquet Format tables will be synced to Serverless, no other format will be synchronized)

 

%%sql
CREATE DATABASE CharlSync

CREATE TABLE CharlSync.myParquetTable(id int, name string, birthdate date) USING Parquet

%%csharp
using System.Collections.Generic;
using Microsoft.Spark.Sql;
using Microsoft.Spark.Sql.Types;

// Sample rows matching the table's (id, name, birthdate) columns.
var data = new List<GenericRow>();
data.Add(new GenericRow(new object[] { 1, "Charl", new Date(2010, 1, 1)}));
data.Add(new GenericRow(new object[] { 2, "Bob", new Date(2020, 1, 1)}));
data.Add(new GenericRow(new object[] { 3, "Bob", new Date(2021, 1, 1)}));
data.Add(new GenericRow(new object[] { 4, "Bob", new Date(2019, 1, 1)}));

// The schema must line up with the table definition created above.
var schema = new StructType
    (new List<StructField>()
        {
            new StructField("id", new IntegerType()),
            new StructField("name", new StringType()),
            new StructField("birthdate", new DateType())
        }
    );

// Append the rows to the Parquet table that will be synced to Serverless.
var df = spark.CreateDataFrame(data, schema);
df.Write().Mode(SaveMode.Append).InsertInto("CharlSync.myParquetTable");

 

The data has been written to the table and I can perform a SQL select from the table in my Spark pool.

 


The table is visible in the and the object which I created is listed in the Spark database.

 


From SQL Serverless I can select from the metadata database without any problem, as I am the owner and creator of the database and object. From a storage account perspective, my admin account has been granted storage blob contributor access, and therefore I am able to write to the storage account and access the data without failure.

 

 


Now let’s move on to SSMS or Azure Data Studio.

In SSMS I open up an Azure AD connection and connect with my domain account. From the metadata database I run a select statement on the table.

 

It returns invalid object name; this is not supposed to be the case.

I verify the object name in sys.objects and, as you can see, it is lowercase; the object is case sensitive in Serverless.

 

I change my object to the name as per the sys.objects table and it returns my data as expected from the metadata sync table.

 


I will now create an Azure AD User in my Serverless Pool and grant the user access in order to execute statements.

 

As per our documentation, the access is based on the service principal permissions at a storage level, and if your user has access to the service it can execute statements. With Serverless, all access is governed by storage account level permissions and through database- or server-scoped credentials.

 

I therefore do not have to assign any additional permissions or role access within the server itself.

 


The test user has been created in the sqlodtest database and I connect to the database and attempt to access the table, which fails.  The reason for the failure is that the user account has not been granted access to the default storage account and subsequent container and folders.  

 


The Domain user account requires access to the folder which has been created in the default storage account. A folder per table is created as follows: /<containername>/synapse/workspaces/<workspacename>/warehouse/<sparkdatabasename>.db/<tablename>

 

As the user execution context is being used to connect to the storage account, I grant the user account Storage blob reader RBAC Permissions on the container and underlying folders. 
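
The storage grant described above, scripted with the Azure CLI as an added example that is not part of the original article. It assumes the built-in role "Storage Blob Data Reader" is what the article calls "Storage blob reader" and that Spark lower-cases the database and table names in the folder path; all resource names are constructed placeholders and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: read-only storage grant for a user who queries a Spark-synced table.
# Every resource name below is a constructed placeholder, not a value from the article.

# Folder Spark creates for a table, following the layout the article gives.
# Assumption: Spark's default catalog lower-cases database and table names,
# consistent with the lowercase object name the article found in sys.objects.
table_folder() {  # args: container workspace spark_db table
    db=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    tbl=$(printf '%s' "$4" | tr '[:upper:]' '[:lower:]')
    printf '/%s/synapse/workspaces/%s/warehouse/%s.db/%s' "$1" "$2" "$db" "$tbl"
}

# Resource ID of a single blob container, the narrowest scope Azure RBAC
# offers for blob data roles.
container_scope() {  # args: subscription resource_group account container
    printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/blobServices/default/containers/%s' \
        "$1" "$2" "$3" "$4"
}

# Succeeds only for a scope that names exactly one container, so a grant cannot
# silently land on the storage account, resource group or subscription.
is_container_scope() {  # args: scope
    case "$1" in
        */storageAccounts/*/blobServices/default/containers/?*)
            case "${1##*/containers/}" in
                */*) return 1 ;;
                *)   return 0 ;;
            esac ;;
        *) return 1 ;;
    esac
}

# Prints the role assignment command by default; runs it when APPLY=1.
grant_reader() {  # args: assignee scope
    is_container_scope "$2" || {
        echo "refusing scope broader than a container: $2" >&2
        return 1
    }
    if [ "${APPLY:-0}" = 1 ]; then
        az role assignment create --assignee "$1" \
            --role "Storage Blob Data Reader" --scope "$2"
    else
        printf 'az role assignment create --assignee %s --role "Storage Blob Data Reader" --scope %s\n' \
            "$1" "$2"
    fi
}

# Demo with constructed values (dry run: nothing is changed in Azure).
SCOPE=$(container_scope 00000000-0000-0000-0000-000000000000 rg-synapse-demo stsynapsedemo synapsefs)
FOLDER=$(table_folder synapsefs ws-demo CharlSync myParquetTable)
echo "table folder: $FOLDER"
grant_reader testuser@example.com "$SCOPE"

# Run as the test user after signing in again: lists the table's Parquet files
# if the grant is effective.
echo "az storage fs file list --account-name stsynapsedemo --file-system synapsefs --path ${FOLDER#/synapsefs/} --auth-mode login"
```

Set `APPLY=1` only after reviewing the printed command; the scope guard rejects anything wider than one container.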

 


As per the published documentation on Workspace permissions I only have to grant the User Permissions in my On-Demand Database.  

Understand the roles required to perform common tasks in Synapse - Azure Synapse Analytics | Microso...

 


Within the workspace under Access Control I validate that my test account does not have any workspace level permissions; the highlighted account below is my admin account.

 


Once you have completed all of the above-mentioned actions and created the User account in the Serverless database and granted the account folder level RBAC permissions, it is important that you disconnect from the Serverless session and re-connect.

 

I connect to my Serverless database which I created earlier and to which I granted my Test user access. I am then able to execute the statement against the Spark replicated database and table and return data.

 


Microsoft Documentation

Understand the roles required to perform common tasks in Synapse - Azure Synapse Analytics | Microso...

Shared metadata tables - Azure Synapse Analytics | Microsoft Docs

 

Last update: Sep 15 2021 12:08 PM