Share via

Trouble Granting Managed Identity Access for Pausing/Resuming Azure synpase

Thomaskyle 380 Reputation points
2024-09-18T16:48:59.8633333+00:00

I’m fairly new to Azure and even though this might seem like a simple task, I’m finding it challenging. I’ve set up an Azure Synapse workspace with a dedicated SQL pool, and my assignment is to schedule pausing and resuming the pool. I followed a tutorial to achieve this by creating a pipeline with web activities that send REST requests to the https://management.azure.com/ API to check the pool’s status and manage the pause/resume actions.

For authentication, I’m using the system-assigned managed identity, but I’m encountering the following error:

{
  "errorCode": "2108",
  "message": "{\"error\":{\"code\":\"AuthorizationFailed\",\"message\":\"The client 'xxxxxxxxxxxxxxxxxxxx' with object id 'xxxxxxxxxxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Synapse/workspaces/sqlPools/read' over scope '/subscriptions/xxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxxxxxx/providers/Microsoft.Synapse/workspaces/xxxxxxxxxxxxxxx/sqlPools/xxxxxxxxxxxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials.\"}}",
  "failureType": "UserError",
  "target": "PoolStatusCheck",
  "details": []
}

I’m not sure how to give the managed identity the necessary permissions to access the resource. Could someone guide me on how to resolve this?

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,935 questions
Accepted answer
  1. Smaran Thoomu 16,230 Reputation points Microsoft Vendor
    2024-09-18T21:29:51.0533333+00:00

    Hi @Thomaskyle
    Thank you for using Microsoft Q&A platform and thanks for posting your question here.

    As I understand you are encountering an authorization error while using a system-assigned managed identity to access the Azure Synapse workspace and dedicated SQL pool. To resolve this issue, you need to grant the managed identity the necessary permissions to access the resource.

    If the Synapse managed identity doesn't have permission to perform actions like pause or resume, you might encounter the error mentioned below. To fix this, assign the contributor role to the workspace's managed identity as follows:
    enter image description here

    Go to the IAM section of the Synapse workspace, click 'Add,' and then select 'Add role assignment' as shown below:

    enter image description here

    Go to Privileged Administrator Roles and select the Contributor role, as shown below:

    enter image description here

    Click on next select managed identity as shown below:
    enter image description here

    Once the role is assigned successfully, the web activity will run without any errors, and actions like pause or resume will work correctly using the REST API, as shown below:

    enter image description here

    Hope this helps. Do let us know if you any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.