You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/cosmos-db/analytical-store-introduction.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -341,7 +341,7 @@ Analytical store partitioning is completely independent of partitioning in
341
341
342
342
## Security
343
343
344
-
***Authentication with the analytical store** is the same as the transactional store for a given database. You can use primaryor read-only keys for authentication. You can leverage linked service in Synapse Studio to prevent pasting the Azure Cosmos DB keys in the Spark notebooks. For Azure Synapse SQL serverless, you can use SQL credentials to also prevent pasting the Azure Cosmos DB keys in the SQL notebooks. The Access to this Linked Services or to this credentials are available to anyone who has access to the workspace.
344
+
***Authentication with the analytical store** is the same as the transactional store for a given database. You can use primary, secondary, or read-only keys for authentication. You can leverage linked service in Synapse Studio to prevent pasting the Azure Cosmos DB keys in the Spark notebooks. For Azure Synapse SQL serverless, you can use SQL credentials to also prevent pasting the Azure Cosmos DB keys in the SQL notebooks. The Access to these Linked Services or to these SQL credentials are available to anyone who has access to the workspace.
345
345
346
346
***Network isolation using private endpoints** - You can control network access to the data in the transactional and analytical stores independently. Network isolation is done using separate managed private endpoints for each store, within managed virtual networks in Azure Synapse workspaces. To learn more, see how to [Configure private endpoints for analytical store](analytical-store-private-endpoints.md) article.
Copy file name to clipboardExpand all lines: articles/cosmos-db/configure-synapse-link.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -192,7 +192,7 @@ The following options create a container with analytical store by using PowerShe
192
192
## <aid="update-analytical-ttl"></a> Enable analytical store on an existing container
193
193
194
194
> [!NOTE]
195
-
> Due to short-term capacity constraints, you need to register to enable Synapse Link on your existing containers. Depending on the pending requests, approving this request may take anywhere from a day to a week. Instructions to check the request status are provided below. If you have any issues or questions, please reach out to [[email protected]](mailto:[email protected]). This step is required once per subscription, and all new database accounts will also have this capability enabled.
195
+
> Due to short-term capacity constraints, you need to register to enable Synapse Link on your existing containers. Depending on the pending requests, approving this request may take anywhere from a day to a week. Instructions to check the request status are provided below. This step is required once per subscription, and all new database accounts will also have this capability enabled. You need **contributor** or **administrator** Azure built-in roles on your subscription to be able to register your request to use the existing containers feature. If you have any issues or questions, please reach out to [[email protected]](mailto:[email protected]).
196
196
197
197
> [!NOTE]
198
198
> You can turn on analytical store on existing Azure Cosmos DB SQL API containers. This capability is general available and can be used for production workloads.
Copy file name to clipboardExpand all lines: articles/cosmos-db/synapse-link.md
+6-4Lines changed: 6 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -114,16 +114,18 @@ Synapse Link is not recommended if you are looking for traditional data warehous
114
114
115
115
* Synapse Link can be enabled on new containers for both SQL API and MongoDB API accounts, but existing containers are only supported for SQL API.
116
116
117
-
* Backup and restore of your data in analytical store isn't supported at this time. This limitation is applied to both periodic and continuous backup modes and doesn't impact your Cosmos DB transactional store data.
117
+
* Backup and restore of your data in analytical store isn't supported at this time. This limitation is applied to both periodic and continuous backup modes and doesn't impact your Cosmos DB transactional store data.
118
118
119
-
* Synapse Link and periodic backup mode coexistence in the same database account is supported. although backup and restore of your data in analytical store isn't supported.
119
+
* Synapse Link and periodic backup mode coexistence in the same database account is supported. You can make backups of your transactional data normally. If you use `transactional TTL` equal or bigger than your `analytical TTL`, you can restore your transactional data and recreate your analytical store.
120
120
121
-
* Synapse Link and continuous backup mode coexistence in the same database account isn't supported.
121
+
* Synapse Link and continuous backup mode coexistence in the same database account isn't supported. If you enable continuous backup mode, you can't turn Synapse Link on, and vice versa.
122
122
123
123
* Accessing the Azure Cosmos DB analytics store with Azure Synapse Dedicated SQL Pool currently isn't supported.
124
124
125
125
* Azure Synapse Link and periodic backup mode can coexist in the same database account. However, analytical store data isn't included in backups and restores. When Synapse Link is enabled, Azure Cosmos DB will continue to automatically take backups of your data in the transactional store at a scheduled backup interval.
126
126
127
+
* RBAC and Managed Identity are currently not supported.
128
+
127
129
128
130
## Security
129
131
@@ -133,7 +135,7 @@ Synapse Link enables you to run near real-time analytics over your mission-criti
133
135
134
136
***Data encryption with customer-managed keys** - You can seamlessly encrypt the data across transactional and analytical stores using the same customer-managed keys in an automatic and transparent manner. Azure Synapse Link only supports configuring customer-managed keys using your Azure Cosmos DB account's managed identity. You must configure your account's managed identity in your Azure Key Vault access policy before enabling Azure Synapse Link](configure-synapse-link.md#enable-synapse-link) on your account. To learn more, see how to [Configure customer-managed keys using Azure Cosmos DB accounts' managed identities](how-to-setup-cmk.md#using-managed-identity) article.
135
137
136
-
***Secure key management** - Accessing the data in analytical store from Synapse Spark and Synapse serverless SQL pools requires managing Azure Cosmos DB keys within Synapse Analytics workspaces. Instead of using the Azure Cosmos DB account keys inline in Spark jobs or SQL scripts, Azure Synapse Link provides more secure capabilities.
138
+
***Secure key management** - Accessing the data in analytical store from Synapse Spark and Synapse serverless SQL pools requires managing Azure Cosmos DB keys within Synapse Analytics workspaces. Instead of using the Azure Cosmos DB account keys inline in Spark jobs or SQL scripts, Azure Synapse Link provides more secure capabilities:
137
139
138
140
* When using Synapse serverless SQL pools, you can query the Azure Cosmos DB analytical store by pre-creating SQL credentials storing the account keys and referencing these in the `OPENROWSET` function. To learn more, see [Query with a serverless SQL pool in Azure Synapse Link](../synapse-analytics/sql/query-cosmos-db-analytical-store.md) article.
0 commit comments