Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,696 questions
RBAC role for synapse for pipelin execution and cancelletion
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 27%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
Priya Jha
871
Reputation points
Hi All,
RBAC role for execution and cancellation of pipelines in synapse equivalent to ADF below roles
/ Microsoft.DataFactory/factories/pipelines/createrun/action
/ Microsoft.DataFactory/factories/cancelpipelinerun/action
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 36%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
Bhargava-MSFT 29,266 Reputation points Microsoft Employee2022-11-10T00:22:40.033+00:00 Hello @Priya Jha
Welcome to the MS Q&A platform.
'Microsoft.Synapse/workspaces/pipelines/' is the equivalent to adf's 'Microsoft.DataFactory/factories/pipelines/'
-
Nandan Hegde 31,511 Reputation points MVP2022-11-10T07:11:41.46+00:00 Hey,
I am not sure there are any equivalent roles in synapse for this purpose via custom roleTo restrict run/cancel pipelines access in Synapse workspace you can assign Synapse Monitoring Operator role using the RBAC in synapse. Refer Synapse RBAC roles and the actions they permit : https://learn.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-synapse-rbac-roles#synapse-rbac-roles-and-the-actions-they-permit
To execute :
@PRADEEPCHEEKATLA-MSFT @KranthiPakala-MSFT : Can you all confirm on this?
-
Priya Jha 871 Reputation points
2022-11-23T08:14:06.17+00:00 @Nandan Hegde @KranthiPakala-MSFT @PRADEEPCHEEKATLA-MSFT
Can you all please confirm whether the above answer is correct and we can create custom role to only trigger pipelines and nothing else (no publish, no edit, etc.)
-
Priya Jha 871 Reputation points
2022-11-28T07:06:24.64+00:00 Hi @Nandan Hegde @KranthiPakala-MSFT @PRADEEPCHEEKATLA-MSFT @Bhargava-MSFT @AnnuKumari-MSFT @ShaikMaheer-MSFT
Can you all please confirm since its been more than 3 weeks.
Should i raise a support ticket for this? As i am blocked because of this.
-
Bhargava-MSFT 29,266 Reputation points Microsoft Employee
2022-11-28T22:29:36.547+00:00 Hello @Priya Jha ,
As per the documentation, to create a trigger, including trigger now it requires- read,credentials/useSecret/action on Synapse User and Synapse Credential User on the WorkspaceSystemIdentity
I hope this helps.
-
Priya Jha 871 Reputation points
2022-12-09T12:46:57.87+00:00 Would giving the above set of access result in the user getting anything else other than executing or triggering the pipeline.
Note -- I want to give the user read and trigger access on all pipelines and nothing else in Synpase workspace -
Bhargava-MSFT 29,266 Reputation points Microsoft Employee
2022-12-09T18:06:39.957+00:00 Hello @Priya Jha ,
Thank you for letting me know. Let me check with my internal team and get back to you. -
Bhargava-MSFT 29,266 Reputation points Microsoft Employee
2022-12-14T21:27:16.2+00:00 Hello @Priya Jha ,
I am still checking with my internal team on this. I will get back to you as soon as I hear from them.
Thank you for your patience. -
Bhargava-MSFT 29,266 Reputation points Microsoft Employee
2022-12-20T22:45:30+00:00 Hello @Priya Jha ,
Sorry for the delayed response.
It doesn't seem like we can create a custom role in the synapse to only trigger pipelines and nothing else.
I tried to check with my internal team on the same, but unfortunately, we are not getting the kind of response from the team here. If you have a support plan, you may file a support ticket, or please let me know if you need any help with the support request. -
Priya Jha 871 Reputation points
2022-12-22T09:22:35.68+00:00 Thanks for your response.
Is there any Microsoft documentation suggesting that Custom Roles cannot be created for Synapse which i could show as proof to my clients.
-
Bhargava-MSFT 29,266 Reputation points Microsoft Employee
2022-12-22T16:54:41.927+00:00 Hello @Priya Jha ,
Thanks for the reply. Sorry, we don't have documentation suggesting that the custom roles aren't supported yet in the synapse. But I got a confirmation from dev team regarding the same.I see the below feedback in the synapse idea forums.
https://feedback.azure.com/d365community/idea/0287e1d8-8dec-ec11-a81b-6045bd7ac9f9
Synapse RBAC roles are pre-defined here
I hope this helps. Please let me know if you have any further questions.
Sign in to comment