Is it possible to hide a pipeline created in Azure Data Factory or Azure Synapse Analytics for a particular user/s?

Rachit Pandya 0 Reputation points

Scenario :
Lets say there are number of department in any organisation. Adf pipeline of one department can only be visible to respective department , not to other department.
For ex. if the adf pipeline created by Data ETL related Department then it should not be visible to Data Analytics Department ,although they are sahring the same workspace(Azure Data Factory/Azure Synaspe Analytics).
Can anyone help with that problem?

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,560 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
9,922 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Harishga 5,115 Reputation points Microsoft Vendor

    Hi @Rachit Pandya
    Welcome to Microsoft Q&A platform and thanks for posting your question here.

    Yes, it is possible to hide a pipeline in Azure Data Factory from specific users. There are several methods to control access to ADF resources:

    • Role-Based Access Control (RBAC): You can use RBAC to create custom roles with specific permissions that restrict access to pipelines. This involves defining a custom role with actions such as Microsoft.DataFactory/factories/pipelines/read and Microsoft.DataFactory/factories/pipelines/write for the specific pipeline you want to restrict.
    • Azure Active Directory (AAD) Groups: By integrating ADF with AAD, you can manage user identities and group memberships. Assigning users to groups and then granting permissions to these groups can help control which pipelines they can access.
    • Resource Locks: While not a method to hide pipelines, resource locks can prevent users from deleting or modifying pipelines, which adds an extra layer of security.
    • Pipeline Activity State: You can set the activity state of a pipeline to inactive, which doesn’t hide the pipeline but prevents it from being executed.
    • Data Factory Management: You can manage user permissions at the Data Factory level, which can indirectly affect visibility if users do not have any permissions to access the Data Factory itself.

    Each of these methods provides different levels of control and can be used in combination to ensure that pipelines are only accessible by the intended users or groups within your organization.

    To specifically hide a pipeline from certain users, you can create a custom role in Azure with permissions that allow reading and writing to a specific pipeline, but not to others. You can use Azure PowerShell to create this role with the AssignableScopes parameter set to the specific pipeline.

    The custom role should include actions like Microsoft.DataFactory/factories/pipelines/read and Microsoft.DataFactory/factories/pipelines/write, but exclude permissions for other pipelines or actions you want to restrict.

    Once the custom role is created, assign it to the users or groups that should have access to the pipeline. This ensures that only these users can see and interact with the pipeline. You can also manage user identities and group memberships through AAD to control access based on departmental membership and ensure that only authorized users can see the pipeline.


    Hope this helps. Do let us know if you any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    1 person found this answer helpful.