permissions to refresh a data model in azure analysis services
I am refreshing a data model in Azure Analysis Services using an Azure Function App (C# .NET 6). I am using the Microsoft.AnalysisServices.Tabular package available at https://www.nuget.org/packages/Microsoft.AnalysisServices.NetCore.retail.amd64. When I have read access rights, which have i have been correctly added as a role user and granted permissions for in Azure Analysis Services using ad, the model refresh does not work. I get the following error: 'Azure Analysis Services database not found' (this is because it can't read the Analysis Services DB). I also cannot see the Azure Analysis Services database in SQL Server Management Studio. I can connect to the server, however, I can't expand to see the model. After this, I tried the same for process role permissions and the exact same thing happened. Following this, a new role was created with both read and process rights, which was granted correctly, again getting the same error. I finally tried with admin rights, and the model refreshed correctly. When i log in to SQL Server Management Studio and connect to azure analysis services. If i go into the database section i can click into it and correctly see the azure analysis services database (the model i will be refreshing). The problem with admin rights is that it grants high-level permissions to everything, which is bad for security, and as user i should not allowed admin rights. Are there any permissions that are lower then admin that could allow me to refresh the data model. any workarounds? I expected that read and process rights would be high enough to do what I am doing but it doesn't work code
using System;
using Microsoft.Azure.WebJobs;
using Microsoft.Extensions.Logging;
using Microsoft.AnalysisServices.Tabular;
using Azure.Identity;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.AspNetCore.Http;
using System.Xml;
namespace refreshModel
{
public static class AnalysisServicesRefreshFunction
{
[FunctionName("AnalysisServicesRefreshFunction")]
public static async Task<IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req, ILogger log)
{
log.LogInformation($"C# HTTP trigger function executed at: {DateTime.Now}");
// Retrieve environment variables
string env = Environment.GetEnvironmentVariable("ENV");
if (string.IsNullOrEmpty(env))
{
return new BadRequestObjectResult("ENV environment variable is not found.");
}
// Analysis services details
string serverNamePrefix = "serverNamePrefix";
string serverName = serverNamePrefix + env;
string aasDatabaseName = "aasDatabaseName";
string uId = "myAdId";
string pass = "mypass";
var connectionString = $"Provider=MSOLAP;Data Source=asazure://uksouth.asazure.windows.net/{serverName}:rw;Initial Catalog={aasDatabaseName};User ID={uId};Password={pass};";
using (var server = new Server())
{
try
{
server.Connect(connectionString);
}
catch (Exception ex)
{
log.LogError($"An error occurred while connecting to the server: {ex.Message}");
return new BadRequestObjectResult($"An error occurred while connecting to the server: {ex.Message}");
}
try
{
Database database = server.Databases.FindByName(aasDatabaseName);
if (database == null)
{
return new BadRequestObjectResult("Azure analysis services database not found.");
}
Model model = database.Model;
if (model == null)
{
return new BadRequestObjectResult("Model not found.");
}
// Refresh the model
model.RequestRefresh(RefreshType.Full);
model.SaveChanges();
log.LogInformation("Data model refresh requested successfully.");
return new OkObjectResult("Data model refresh requested successfully.");
}
catch (Exception ex)
{
log.LogError($"An error occurred while refreshing the data model: {ex.Message}");
return new BadRequestObjectResult($"An error occurred while refreshing the data model: {ex.Message}");
}
}
}
}
}