Does Synapse Link for Dataverse use access key to authenticate and push data to the Storage Account?

Abhishek Sarkar 21 Reputation points
2022-11-01T05:43:58.407+00:00

For a customer, the Synapse Link for Dataverse fails whenever storage account access key is disabled. So, wanted to check if Synapse Link for Dataverse uses access key to authenticate and push data to the Storage Account.

Also, another question is whether Synapse link for DV will fail if the storage access key is rotated.

Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,416 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,650 questions
{count} votes

1 answer

Sort by: Most helpful
  1. BhargavaGunnam-MSFT 28,926 Reputation points Microsoft Employee
    2022-11-02T16:47:41.177+00:00

    Hello @Abhishek Sarkar ,

    Every secure request to an Azure Storage account must be authorized. By default, requests can be authorized with either Azure Active Directory (Azure AD) credentials, or by using the account access key for Shared Key authorization. Of these two types of authorization, Azure AD provides superior security and ease of use over Shared Key, and is recommended by Microsoft. To require clients to use Azure AD to authorize requests, you can disallow requests to the storage account that are authorized with Shared Key.

    When you disallow Shared Key authorization for a storage account, Azure Storage rejects all subsequent requests to that account that are authorized with the account access keys. Only secured requests that are authorized with Azure AD will succeed.

    The default setting on the storage account is

    Enabled- Allow storage account key access

    Disabled- Default to Azure Active Directory authorization in the Azure portal

    When you disable Allow storage account key access, You should enable AAD. I believe this is the reason for the failure.

    I hope this clarifies you.

    Reference document: https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent?tabs=portal#remediate-authorization-via-shared-key

    256521-image.png

    ------------------------------

    • Please don't forget to click on 130616-image.png and upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators