Thanks for the question and using MS Q&A platform.
Open the Azure Synapse Analytics workspace in the Azure portal.
So, here’s what I did, but at the Subscription level:
- Click on the relevant Subscription.
- Click on Access Control (IAM)
- Click Add -> Add Custom Role
- Give the role a name of Synapse Data Engineer
- Then on the Permissions tab, click Add Permissions
- Click on Azure Synapse Analytics (workspace)
- Search for interactive and there are the granular permissions.
In-fact, there are a lot of granular permissions for Synapse, so you can go through the list and enable the relevant permissions for your custom role. You can then add in permissions from other services too, E.G. reading/writing to Azure Storage. Essentially you are creating a bespoke permissions role tailored to your security posture, I like that a lot.
I could then browse to the relevant Synapse workspace, click on Access Control (IAM) and add the custom Synapse Data Engineer role to the workspace, allowing the Data Engineer to stop/start interactive authoring.
In the “Actions” section, select the following permissions:
- pipelines/viewOutputs
- pipelines/createRun
- Click on the “Add” button to add the selected permissions.
- Click on the “Review + create” button to review your custom role settings.
- Click on the “Create” button to create your custom role.
please go through https://learn.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-synapse-rbac-roles
Hope this helps. Do let us know if you any further queries.
If this answers your query, do click Accept Answer
and Yes
for was this answer helpful. And, if you have any further query do let us know.