Azure SQL Database
An Azure relational database service.
Welp, I take that back. I did the shared access thing, and didn't log out of SQL and back in, I'm now able to read the table using the sql admin user.!!! Woot.
Azure Synapse Link to Dataverse - SQL Connection not working for external data source
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 27%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
John Klemetsrud
1
Reputation point
Ok, so setup Azure Synapse Link in make.powerautomate.com for a Dynamics 365 implimentation.
During the setup, It asks you to create a sqladmin user, which I did.
I have it syncing as a test, 2 dataverse tables, which of course, go into the Azure Data Lake Gen2 as a group of CSV files.
I noticed it creates, for every table, an external data source, an external file, and an external table, which, ok, that's fine.
While logged in (in anyway) as myself (Azure AD Login), I'm able to query these tables.
If I log in using the SQLADMIN user I created (and note, you cannot create new sql users in a replicated DB), and attempt to read the external tables, I get an error that it's unable to read the files in the data lake due to security.
I guess what i'm asking is, is it possible to somehow allow that SQL Admin user that you setup, to read/view the data in the lake proprly?
The error I get is:
Cannot find the CREDENTIAL 'https://synapsedlg2storageacct.dfs.core.windows.net/dataverse-demoaltaidem-org37df66a2/product/*.csv', because it does not exist or you do not have permission.
Again, that is while logged in as the true SQL Login for the SQL Admin user.
Azure SQL Database
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
{count} votes
-
John Klemetsrud 1 Reputation point
2022-01-17T16:56:35.67+00:00 Just for reference, not sure how I never found this before, but i'm looking into it. Not sure if it's what the issue is or not, but will let you know. https://www.arcticdba.se/posts/synapse-sqladminuser/
-
John Klemetsrud 1 Reputation point
2022-01-17T17:01:15.853+00:00 Nope, did that, same issue :(
Sign in to comment
3 answers
Sort by: Most helpful
-
John Klemetsrud 1 Reputation point
2022-01-17T17:20:02.623+00:00 -
John Klemetsrud 1 Reputation point
2022-01-17T17:39:17.68+00:00 Lord, I take it back, still not working, was on wrong server. This is all very frustrating.
Sign in to comment -
-
ShaikMaheer-MSFT 38,556 Reputation points Microsoft Employee Moderator2022-01-19T09:51:01.323+00:00 Hi @John Klemetsrud ,
Thank you for posting query in Microsoft Q&A Platform.
Database user can read the content of the files from the data source using external table or OPENROWSET function that references the data source.
You could try following steps.
- Create external credential object using managed identity of your workspace. Make sure your workspace managed identity has Storage blob Data contributor role.
- Create external datasource object on top of that credential object.
- Now create external table with above objects and then try to query.
Kindly check below link to know Access a data source using credentials.
https://learn.microsoft.com/en-us/azure/synapse-analytics/sql/develop-storage-files-storage-access-control?tabs=user-identity#access-a-data-source-using-credentialsClick here to know about creating external data source.
Click here to know about External tables in Synapse.
Click here to know about create login and user for serverless SQL pool in Synapse.please note, User must have SELECT permission on an external table to read the data.
Hope this helps. Please let us know how it goes.
---------------
Please consider hitting
Accept Answer. Accepted answers helps community as well.-
John Klemetsrud 1 Reputation point
2022-01-19T14:32:07.313+00:00 I went ahead and created a managed identity (User Created one, because I've already tried the shared access). I'll be the first to say, I don't fully understand the entire structure here and usually don't go down that road and leave it to the pros, however; I'm trying to get at least a proof of concept working for a client.
- So I tried the method in the article I shared in one of my replies, and it can see the sql table in synapse, but selecting from it says it doesn't have access to the xxx/*.csv directory in the lake
- After looking at what you wrote (still not clear), I went into Managed Identities in Azure, and created one called SynapseManagedIdentity.
- I added Identity to the azure synapse workspace's Azure role assignments (Went to actual workspace resource, clicked Azure Role assignments, added that identity as Storage Blob Data Contributor).
- I went a bit further, as it's just proof of concept, and added Storage Blob Data Contributor in the resource group for Azure Synapse AND the whole Subscription as well, so now for Workspace, Subscription, and Resource group, all associated with Synapse, Storage Blob Data Contributor has been assigned to the identity.
- This is where I get lost - What to do next. Create the external data source using that Identity. Just do it like the article you said, and get the share access key? Do I need to create the scoped cred using SynapseManagedIdentity?
-
ShaikMaheer-MSFT 38,556 Reputation points Microsoft Employee Moderator
2022-01-22T17:05:46.18+00:00 Hi @John Klemetsrud ,
When I say managed Identity I mean Synapse Workspace Identity. For your simplicity I implemented all steps in my workspace and shared detailed answer help. Kindly check below posted answer.
Sign in to comment -
ShaikMaheer-MSFT 38,556 Reputation points Microsoft Employee Moderator
2022-01-22T17:21:52.963+00:00 Hi @John Klemetsrud ,
In below example I created a External table with external data source having external database scope credential object created using Managed Identity of workspace.
And then created a SQL Login & User for my Synapse SQL and then tried to queried my External table. All works fine. If you make sure below steps are there in your case too then hopefully you will not see error.
Step1: Create External Table.
Step2: SQL login and user created.
Step3: Connected SSMS with above created Login and then tried to queried External table.
So, point to note is When ever we try to query external tables from client tools. The credential object of external data source is going to read data form underlying file from storage. If that credential object Identity dont have permission on that file then we end up with error. Hence we need to make sure our synapse workspace MSI which we used in external credential object should have Storage blob data contributor role on storage.
Hope this helps. Please let us know if any further queries.
------------
Please consider hitting
Accept Answer. Accepted answers helps community as well.-
ShaikMaheer-MSFT 38,556 Reputation points Microsoft Employee Moderator
2022-01-24T17:25:54.273+00:00 Hi @John Klemetsrud ,
Just checking in to see if the below answer helped. If this answers your query, do click
and upvote 
for the same. And, if you have any further query do let us know.
Sign in to comment -