Multiple Synapse Analytics Workspace to Single Azure DevOps Repo

Question

Hi,

We have requirement as below., kindly share your guidance.

1. Synapse Analytics as PaaS.
2. For each country/project we will have separate workspace.
3. Cross workspace access should be restricted, this can be achieved through RBAC
4. Is it possible to use single DevOps repo to publish all the artifacts and impose the access restrictions for cross workspace artifacts like pipelines.
5. What is the best approach to achieve this requirement.

Answer 1

Hi Muruga MuthuKrishnan ,

Welcome to Microsoft Q&A platform and thanks for posting your question here.

As per my understanding , you are trying to figure out if it is possible to use a single Azure DevOps repo to publish all the artifacts from multiple Synapse Analytics workspaces while imposing access restrictions for cross-workspace artifacts like pipelines. Please let me know if that is not the concern .

You can use Azure DevOps security groups and Azure Synapse Analytics RBAC to control access to the Azure DevOps repo and Synapse Analytics workspaces, respectively. You can also use Azure Synapse Analytics CI/CD pipelines to automate the deployment of Synapse Analytics artifacts to Azure DevOps.

1. Azure DevOps supports multiple workspaces, and you can use a single Azure DevOps repo to publish all the artifacts from multiple Synapse Analytics workspaces. However, you need to ensure that the access restrictions are imposed correctly to prevent cross-workspace access.
2. To achieve this requirement, you can use Azure DevOps security groups and Azure Synapse Analytics RBAC. You can create security groups in Azure DevOps and assign users or groups to them. Then, you can use these security groups to control access to the Azure DevOps repo.
3. In Azure Synapse Analytics, you can use RBAC to control access to workspaces. You can assign roles to users or groups to control their access to Synapse Analytics resources. You can also use Azure Active Directory (Azure AD) to manage access to Synapse Analytics workspaces.
4. To publish artifacts from Synapse Analytics workspaces to Azure DevOps, you can use Azure Synapse Analytics CI/CD pipelines. These pipelines allow you to automate the deployment of Synapse Analytics artifacts to Azure DevOps. You can also use Azure Synapse Analytics Studio to manage and deploy Synapse Analytics artifacts.

To learn more about Azure Synapse Analytics RBAC, you can refer to the following documentation : Synapse RBAC roles

To learn more about Azure DevOps security groups, kindly refer the following documentation: Add or remove users or groups, manage security groups

To learn more about Azure Synapse Analytics CI/CD pipelines, you can refer to the following documentation: Continuous integration and delivery for an Azure Synapse Analytics workspace

Hope it helps. Kindly accept the answer by clicking on Accept answer button. Thankyou

Answer 2

Hi Annu,

  Thanks for your response, please refer the below scenarios which is bottleneck for me.

1. When multiple developers works in different workspace how to deploy selectively to Publish branch.
2. How to deploy selectively from Publish branch to QA & Prod?
3. When we publish the artifacts & code it will not be workspace centric in DevOps, everything is visible in repo so here how to restrict in DevOps for cross workspace access?
4. Once we deploy to QA, in synapse live we can see everything irrespective of workspace?