Is it possible to specify identity (Managed Identity) the synapse pipeline should run as but not use workspace system msi

Wenjing Zhao 0 Reputation points Microsoft Employee
2024-01-10T05:54:40.5366667+00:00

We have a requirement to create synapse pipeline to run notebook with python script to do some data processing.

For now when we run the pipeline, the identity is the synapse workspace system msi to run the python script, but we don't want to grant permission to this msi, is it possible that we can specify another identity when we create the pipeline but not the system msi?

The key point is from this issue: https://github.com/Azure/azure-sdk-for-python/issues/26997

The Azure.Identity package is not supported in synapse notebook, we only have one workaround to access token based on current identity (which is system msi).

So we must grant the system msi related permission which we don't want to.

Appreciate for the suggestions. thanks!

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,173 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Nandan Hegde 33,946 Reputation points MVP
    2024-01-10T08:10:31.34+00:00

    Hey,

    Unfortunately based on my knowledge, the identity can only be allowed at the workspace level and cannot be assigned at individual pipeline level.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.