Hi pmscorca,
Thanks for reaching out to Microsoft Q&A.
The Synapse RBAC role that allows you to add a client IP as a firewall rule for a Synapse Analytics workspace is Synapse Contributor. This role grants you the necessary permissions to manage firewall settings, including adding and removing client IP addresses. Additionally, the below roles would be able to perform this action as well:
This role can manage everything except access to the workspace. While it generally allows you to manage firewall rules, specific permissions might need to be verified depending on the exact configuration and policies in place.
- Synapse Administrator: This role has comprehensive access to all aspects of the Synapse workspace, including managing firewall rules.
- Owner: This role provides full access to all resources within the subscription or resource group, including the ability to modify firewall rules for Synapse Analytics.
- Synapse SQL Administrator: Specifically for SQL pool configurations within Synapse Analytics, this role might also have the necessary permissions, but the primary roles to check would be Synapse Administrator or Owner.
Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.