Do the VnetId of SSISIR in the ADF CICD needs to parameterize

Oral Chijioke Nnochiri 0 Reputation points
2023-05-13T12:29:12.5366667+00:00
  • Do the
  "vNetProperties": {
                    "vNetId":

properties of the SSISIR integration runtime need to be parameterize when promoting ADF Pipelines from DEV to UAT or PROD using CICD.

I get the following error from CD pipeline "

LinkedAuthorizationFailed: The client 'Obj removed' with object id 'Obj removed' has permission to perform action 'Microsoft.DataFactory/factories/integrationRuntimes/write' on scope '/subscriptions/obj removed/resourcegroups/obj removed/providers/Microsoft.DataFactory/factories/-DATAFACTORY/integrationRuntimes/-DATAFACTORY-SSISIR'; however, it does not have permission to perform action 'join/action' on the linked scope(s) '/subscriptions/Obj removed/resourceGroups/-COMPUTE-dev-RG001/providers/Microsoft.Network/virtualNetworks/Obj removed' or the linked scope(s) are invalid.
  • Using ADFUtility tools to publish Feature Branch for for promoting ADF pipeline from DEV to UAT or PROD instead of Master or Collaboration branch does it have any effect.
Azure SQL Database
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
9,941 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Vedant Desai 651 Reputation points
    2023-05-15T13:44:28.8733333+00:00

    Yes, the VnetId of SSISIR in the ADF CICD needs to be parameterized. This is because the VnetId is a sensitive piece of information that should not be exposed to the public. If the VnetId is not parameterized, it could be exposed to anyone who has access to the ADF CICD pipeline.

    To parameterize the VnetId, you can use the following steps:

    1. In the ADF CICD pipeline, open the Integration Runtime configuration.
    2. In the VNet properties section, click Add.
    3. In the VNet ID field, enter the VnetId of the SSISIR integration runtime.
    4. Click Save.

    Once you have parameterized the VnetId, it will be hidden from the ADF CICD pipeline. Only users who have access to the pipeline parameters will be able to see the VnetId.

    Here are some additional benefits of parameterizing the VnetId:

    • It makes the ADF CICD pipeline more secure.
    • It makes it easier to manage the VnetId.
    • It allows you to use different VnetIds for different environments.

    If you are using ADF CICD, it is important to parameterize the VnetId of the SSISIR integration runtime. This will help to keep your ADF CICD pipeline secure and manageable.

    if you find this helpful please click Accept Answer and upvote.

    0 comments No comments

  2. BhargavaGunnam-MSFT 28,271 Reputation points Microsoft Employee
    2023-05-15T18:47:52.2966667+00:00

    Hello Oral Chijioke Nnochiri,

    Welcome to the MS Q&A platform.

    As per the error message, "The client 'Obj removed' with object id 'Obj removed' has permission to perform action 'Microsoft.DataFactory/factories/integrationRuntimes/write'

    the client with the object id doesn't have permission to perform the action 'join/action' on the linked scope for the virtual network.

    This error can occur when the integration runtime is not able to access the virtual network due to insufficient permissions.

    To resolve this, please provide the permissions to the user or the service principal on the virtual network.

    You can parameterize the vNetProperties of the SSISIR integration runtime to ensure that the integration runtime is able to access the correct virtual network in each environment.

    Regarding the other question, using ADFUtility tools to publish Feature Branch for promoting the ADF pipeline from DEV to UAT or PROD instead of Master or Collaboration branch does not have any effect on the error you are facing. The error is related to the permissions of the client and the linked scope

    I hope this helps. Please let me know if you have any further questions.

    0 comments No comments