Deny public access for synapse studio

Mohammed Thahif BK 341 Reputation points
2022-09-19T06:50:17.68+00:00

Hello, we have configured deny public access to our synapse workspace and pvt endpoints are configured and working properly. However, our synapse administrators are still able to access the studio from public network and able to view all the linked resources,tables, queries etc..

Is this an expected behavior? what error should pop up when tried accessing from public network?

242337-image.png

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,422 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
470 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. PRADEEPCHEEKATLA-MSFT 78,331 Reputation points Microsoft Employee
    2022-09-20T09:55:41.027+00:00

    Hello @Mohammed Thahif BK ,

    Thanks for the question and using MS Q&A platform.

    When you say - However, our synapse administrators are still able to access the studio from public network and able to view all the linked resources,tables, queries etc..

    As per repro from my end when I tried to access the workspace from the same browser - I'm able to still view all the datasets, linked resources tables and scripts so on.

    Note: Please do try to access the synapse workspace from a different browser or incognitive mode which will throws 403 forbidden error message.

    When you disable - Public network access to workspace endpoints. You will not allowed to login directly and you will be exepereiencing the below error message: Failed to load one or more resources due to forbidden issue, error code 403.

    242908-image.png

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is jhow you can be part of Q&A Volunteer Moderators
    1 person found this answer helpful.
    0 comments
  2. Psychotechnopath 31 Reputation points
    2022-12-01T15:13:50.453+00:00

    I'm experiencing a similar issue. I think it has to do with git integration. When I have public network disabled and try to log in with the public endpoint, it still loads all the pipelines/linked service etc. from my Azure DevOps Repository. However, when I try to switch to live mode, i do get the 403 error you describe. Also, the SQL-pool & Spark pool remain unavailable. I don't understand why you would let people authenticate through the public endpoint when you have a workspace where public network access is disabled, and instead throw a 403.

    Why was this design decision made? Isn't it possible to throw an error while trying to authenticate to a synapse workspace when public network is disabled? In this way it's very confusing because you are still able to access your synapse workspace through public network even though public network access is disabled. Only your workspace will not function properly.

    Better would be to deny access alltogether which is what you would expect when you disable public network access.

    Please let me know.

    Kindest regards, Yme

    0 comments
  3. Hill Joseph Alcantara 41 Reputation points
    2023-01-04T01:25:48.49+00:00

    @PRADEEPCHEEKATLA-MSFT Please read @Psychotechnopath 's response. We have the same issue on our end. Is this expected?

    0 comments