Share via

Azure Synapse Analytics Serverless - cross database queries

Marcelo Petit 0 Reputation points
2024-07-24T17:19:44.54+00:00

Synapse Analytics Serverless. Scenario: a ViewB in DatabaseB points to ViewA in DatabaseA where same user is created on both databases on order to read ViewB data

Question is how we can hide user access on DatabaseA so only ViewB is reachable but DatabaseA is not reachable or just "hide" from user access.

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,690 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amira Bedhiafi 19,946 Reputation points
    2024-07-24T23:23:09.2233333+00:00

    After you create ViewB in DatabaseB, which points to ViewA in DatabaseA, create the same user in both databases but limit the permissions like below :

    • In DatabaseA, grant the user only the SELECT permission on ViewA.
    • In DatabaseB, grant the user SELECT permission on ViewB.

    Then you explicitly deny the user any other permissions on DatabaseA. This can be done using the DENY statement in SQL.

    Create and Grant Permissions in DatabaseA

    
-- Create ViewA in DatabaseA

CREATE VIEW ViewA AS

SELECT * FROM SomeTable;

-- Create user in DatabaseA

CREATE USER [YourUser] FOR LOGIN [YourLogin];

-- Grant select permission on ViewA

GRANT SELECT ON OBJECT::dbo.ViewA TO [YourUser];

-- Deny all other permissions on DatabaseA

DENY CONNECT TO [YourUser];

    Create and Grant Permissions in DatabaseB

    
-- Create ViewB in DatabaseB pointing to ViewA in DatabaseA

CREATE VIEW ViewB AS

SELECT * FROM DatabaseA.dbo.ViewA;

-- Create user in DatabaseB

CREATE USER [YourUser] FOR LOGIN [YourLogin];

-- Grant select permission on ViewB

GRANT SELECT ON OBJECT::dbo.ViewB TO [YourUser];
    0 comments