Synapse dedicated pool database permissions for a USER and its association with azure data factory executions
Hi,
What I have:
- I have a single instance of dw200c dedicated pool used for both Production and Development activities.
- I have a separate ADF services for Production & Development.
- I created two sql user accounts for ADF data load activities.
- I have multiple schema's inside the pool and each schema has got tables. Lets say for Production I have schemas Products, Services, Logistics & for Development I have Products_Test, Services_Test, Logistics_Test
What I wanted to achieve
- I wanted to restrict sql user accounts access to either Production / Development.
- One account having DDL, DML, TCL, DQL, DCL on only Production Schemas and the other only Development Schemas.
I was able to achieve this through granting CONTROL permissions at schema level to each user. After granting I'm able to execute DML/DDL statements directly from the dedicated sql pool but when I do this from ADF I keep getting the error 'There are no permissions to user to perform this operation'. I tried a lot and wasn't sure why and I ended up granting both the sql user accounts access to ADMINISTER DATABASE BULK OPERATIONS after which I'm not receiving any error on ADF. But doing this I ended up giving both the users access to complete database and I'm unable to restrict access at production/development schema level.
How can I achieve my requirement now?
What is the difference between CONTROL & ADMINISTER DATABASE BULK OPERATIONS?
Why CONTROL is able to perform DDL/DML from Synapse but not from ADF?
Please help me out here.