Configuring access to resources
Once users are authenticated into an Azure Synapse endpoint, such as a Data Explorer pool, a series of access rules will determine whether the user has access to the resource they are requesting, and what level of access they have. Azure Synapse offers a robust and granular mechanism to control access to resources.
Azure Synapse leverages Azure’s Role-Based Access Control (RBAC), the authorization system that is used in Microsoft Azure to provide fine-grained access to Azure resources. RBAC roles consist of three elements:
- Security principals: The leaf object that represents a user account, a group account, a service principal, or a managed identity. This is the object that will be granted access to the desired resource through RBAC.
- Role definitions: The definition of the permission, or group of permissions for the actions that we want to allow with this role. A role definition can contain a single action, such as allowing reading...