![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 65%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,358 questions
Answered my own question...
From: https://learn.microsoft.com/en-us/azure/synapse-analytics/security/how-to-set-up-access-control#configure-database-scoped-permissions
Synapse SQL Administrator gives db_datareader and db_datawriter on serverless pool databases. Instead, customer can create a user in synapse serverless and assign only db_datareader. This user/account does not need RBAC in Synapse Studio, but needs Storage Account Reader RBAC
Configure Database-scoped permissions
You can grant users access to a single serverless SQL database with the steps outlined in this example:
Create a login. Change to the master database context.
SQL
Copy
--In the master database
CREATE LOGIN [alias@keyman .com] FROM EXTERNAL PROVIDER;
Create user in your database. Change context to your database.
SQL
Copy
-- In your database
CREATE USER alias FROM LOGIN [alias@keyman .com];
Add user as a member of the specified role in your database (in this case, the db_owner role).
SQL
Copy
ALTER ROLE db_owner ADD member alias; -- Type USER name from step 2
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHM%3C/text%3E%3C/svg%3E)