Synapse dedicated pool database permissions for a USER and its association with azure data factory executions

Vivek Komarla Bhaskar 936 Reputation points
2022-12-01T14:56:14.643+00:00

Hi,

What I have:

  • I have a single instance of dw200c dedicated pool used for both Production and Development activities.
  • I have a separate ADF services for Production & Development.
  • I created two sql user accounts for ADF data load activities.
  • I have multiple schema's inside the pool and each schema has got tables. Lets say for Production I have schemas Products, Services, Logistics & for Development I have Products_Test, Services_Test, Logistics_Test

What I wanted to achieve

  • I wanted to restrict sql user accounts access to either Production / Development.
  • One account having DDL, DML, TCL, DQL, DCL on only Production Schemas and the other only Development Schemas.

I was able to achieve this through granting CONTROL permissions at schema level to each user. After granting I'm able to execute DML/DDL statements directly from the dedicated sql pool but when I do this from ADF I keep getting the error 'There are no permissions to user to perform this operation'. I tried a lot and wasn't sure why and I ended up granting both the sql user accounts access to ADMINISTER DATABASE BULK OPERATIONS after which I'm not receiving any error on ADF. But doing this I ended up giving both the users access to complete database and I'm unable to restrict access at production/development schema level.

How can I achieve my requirement now?
What is the difference between CONTROL & ADMINISTER DATABASE BULK OPERATIONS?
Why CONTROL is able to perform DDL/DML from Synapse but not from ADF?

Please help me out here.

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,031 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
10,954 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.