Welcome to Microsoft Q&A platform and thanks for posting your question here.
- To view the login, session failure, and logout of a user in the Synapse Workspace Log Analytics when they enter the Synapse Studio, you can use the SQL Server Audit feature. SQL Server Audit enables you to create server audits, which can capture and log server-level events and database-level events. You can then use Synapse Workspace Log Analytics to analyze the audit logs and extract the required information.
Kindly refer this support documentation Auditing - Azure SQL Database and Azure Synapse Analytics | Microsoft Learn - Regarding the
SqlSecurityAuditEvents
table of the Synapse Workspace Log Analytics, when the user tries to authenticate to the database through Synapse Studio, it only shows the IP in the actionid field because the user is not providing any T-SQL commands. However, when the user tries to authenticate by SQL Server Management, it shows the user T-SQL because the user is providing T-SQL commands.
You can find more information in the SQL Server Audit (Database Engine) documentation. - This is because the Synapse Workspace Log Analytics captures the authentication events from the SQL Server Management Studio and records them in the
SqlSecurityAuditEvents
table. The table contains information about the user who attempted to authenticate, the IP address from which the authentication attempt was made, and the authentication result.Therefore, if the authentication attempt fails, the Synapse Workspace Log Analytics will record the user who attempted to authenticate, along with the IP address. This information can be used to troubleshoot authentication issues and identify potential security threats.
Kindly refer this article for more information Monitor Azure Synapse Analytics Using Log Analytics (c-sharpcorner.com) - The DBAF
actionName
in theSqlSecurityAuditEvents
table of the Synapse Workspace Log Analytics indicates that an authentication attempt was made to access a database, and the attempt failed due to an authorization failure. This means that the user who attempted to authenticate did not have the necessary permissions to access the database.The authorization failure can occur due to various reasons, such as incorrect login credentials, insufficient permissions, or a misconfigured security policy. It is also possible that the authentication attempt failed due to a network error, but in that case, the error message would be different from the authorization failure message.
You can find more information in SQL Authentication in Azure Synapse Analytics - Azure Synapse Analytics | Microsoft Learn I hope this helps! Let me know if you have any further questions or concerns.