Synapse access clarification

ChoudaryR-6454 120 Reputation points
2023-09-11T17:44:47.2533333+00:00

Hello,

Can you let me know how to scope the roles to give least-privileged access in Synapse Analytics?

I have gone through the document but it is quite confusing.

Appreciate your help.

Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.

Accepted answer
  1. Bhargava-MSFT 31,031 Reputation points Microsoft Employee
    2023-09-12T21:12:26.8133333+00:00

    Hello ChoudaryR-6454,

    Welcome to the Microsoft Q&A platform.

    Synapse access has two scopes.

    1. Synapse Studio level
    2. Portal level (workspace level).

    For your question:

    Yes, it is possible to scope the roles more specifically on a least-privilege basis.

    To scope least-privileged access down to "workspaces/artifacts/read", you need to use a custom role.

    How to create a custom role:

    The document below has a detailed explanation about how to create a custom role.

    https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles

    Here, you need to create a custom role for workspaces/artifacts/read.

    All custom roles for Synapse are prefixed with "Microsoft.Synapse/".

    Microsoft.Synapse/workspaces/artifacts/read provides read access to the synapse artifacts.

    Please see the document below explaining how to manage Synapse RBAC role assignments in Synapse Studio.

    https://learn.microsoft.com/en-us/azure/synapse-analytics/security/how-to-manage-synapse-rbac-role-assignments?source=recommendations

    Please note: When creating a workspace, the workspace owner automatically gets the Synapse administrator roles in the Synapse Studio.

    Also, for a user to be able to run the commands to add Synapse RBAC roles using CLI, the user themselves should have a Synapse Administrator role at the Synapse Studio level.

    If you deploy a synapse workspace using the portal, by default, your ID is added as Synapse administrator.

    Who can assign Synapse RBAC roles:

    https://learn.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-synapse-rbac#who-can-assign-synapse-rbac-roles

    Portal level access control:

    User's image

    Studio-level access control:

    User's image

    I hope this helps. If you have any further questions, please let me know.

    If this answers your question, please consider accepting the answer by hitting the Accept answer and up-vote as it helps the community look for answers to similar questions.

    1 person found this answer helpful.
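
A sketch of the custom role definition the answer describes, with a small least-privilege check run over it. This is an added example, not part of the original answer or of Microsoft's documentation; the permission string is the one the answer names, while the role name, subscription ID, resource group, and the policy of rejecting wildcards, non-read operations, and scopes broader than a resource group are assumptions.

```python
import json

SYNAPSE_PREFIX = "Microsoft.Synapse/"
PLACEHOLDER_SUB = "00000000-0000-0000-0000-000000000000"  # constructed placeholder

def build_role(subscription_id, resource_group):
    """Build an Azure custom-role definition assignable only in one resource group."""
    return {
        "Name": "Synapse Artifact Reader (custom)",  # hypothetical role name
        "IsCustom": True,
        "Description": "Read-only access to Synapse artifacts.",
        "Actions": ["Microsoft.Synapse/workspaces/artifacts/read"],  # from the answer
        "NotActions": [],
        "DataActions": [],
        "NotDataActions": [],
        "AssignableScopes": [
            f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
        ],
    }

def audit_role(role):
    """Return least-privilege findings for a role definition; empty list means clean."""
    findings = []
    for key in ("Actions", "DataActions"):
        for action in role.get(key, []):
            if "*" in action:
                findings.append(f"{key}: wildcard in '{action}'")
            elif not action.startswith(SYNAPSE_PREFIX):
                findings.append(f"{key}: '{action}' is outside {SYNAPSE_PREFIX}")
            elif not action.endswith("/read"):
                findings.append(f"{key}: '{action}' is not a read operation")
    scopes = role.get("AssignableScopes", [])
    if not scopes:
        findings.append("AssignableScopes: empty")
    for scope in scopes:
        parts = [p for p in scope.split("/") if p]
        # Assumed policy: anything above resource-group level is too broad.
        if len(parts) < 4 or parts[2].lower() != "resourcegroups":
            findings.append(f"AssignableScopes: '{scope}' is broader than a resource group")
    return findings

if __name__ == "__main__":
    role = build_role(PLACEHOLDER_SUB, "rg-analytics")  # hypothetical resource group
    problems = audit_role(role)
    print(json.dumps(role, indent=2) if not problems else "\n".join(problems))
```

The printed JSON is in the format accepted by `az role definition create --role-definition`.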
