Permissions required for REST API to run Synapse Job Definition Execute

Ryan Abbey 1,176 Reputation points
2021-08-10T00:33:42.213+00:00

We are trying to execute a Synapse spark job definition from a REST API call (via Logic Apps using a Managed Identity) but receiving the error

The bearer token specified with the request is not a valid one. Please specify a valid bearer token.

However, if we run the "Get Job Definitions" or "Get Job Definitions by Workspace" (two GET operations), it works fine. This suggests insufficient permissions for the POST/execute option but unable to find any details to what we should set, anyone know what to try?

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,901 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,479 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Samara Soucy - MSFT 5,051 Reputation points
    2021-08-10T22:40:51.717+00:00

    The required permission is workspaces/integrationRuntimes/useCompute/action (doc). The minimum role that allows this is 'Synapse Compute Operator'. 'Synapse Contributor' and 'Synapse Administrator' also work, but allows additional actions that you may not want your MSI to have.