Commit 1ac936c

Merge pull request #287268 from jonburchel/patch-43
Update data-factory-service-identity.md
2 parents b4f9780 + b9dfdfa commit 1ac936c

1 file changed

+15
-1
lines changed

articles/data-factory/data-factory-service-identity.md

Lines changed: 15 additions & 1 deletion
@@ -8,6 +8,7 @@ ms.topic: conceptual
88
ms.date: 01/05/2024
99
ms.author: abnarain
1010
ms.custom: subject-rbac-steps
11+
ai-usage: ai-assisted
1112
---
1213

1314
# Managed identity for Azure Data Factory
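
Review bot: ms.date in the front matter still reads 01/05/2024 even though this commit adds a new section to the article. Update it to the date of this change so the freshness metadata matches the content that ships alongside the new ai-usage: ai-assisted key.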
@@ -33,7 +34,20 @@ Managed identity provides the below benefits:
3334

3435
- [Store credential in Azure Key Vault](store-credentials-in-key-vault.md), in which case-managed identity is used for Azure Key Vault authentication.
3536
- Access data stores or computes using managed identity authentication, including Azure Blob storage, Azure Data Explorer, Azure Data Lake Storage Gen1, Azure Data Lake Storage Gen2, Azure SQL Database, Azure SQL Managed Instance, Azure Synapse Analytics, REST, Databricks activity, Web activity, and more. Check the connector and activity articles for details.
36-
- Managed identity is also used to encrypt/decrypt data and metadata using the customer-managed key stored in Azure Key Vault, providing double encryption.
37+
- Managed identity is also used to encrypt/decrypt data and metadata using the customer-managed key stored in Azure Key Vault, providing double encryption.
38+
39+
## Required Roles for Managed Identities
40+
41+
To effectively use managed identities in Azure Data Factory, specific roles must be assigned to ensure proper access and functionality. Below are the roles required:
42+
43+
- **System-Assigned Managed Identity**
44+
- **Reader Role**: This role is necessary to read the metadata of the resources.
45+
- **Contributor Role**: This role is required to manage the resources that the managed identity needs to access.
46+
47+
- **User-Assigned Managed Identity**
48+
- **Managed Identity Operator Role**: This role allows the management of the user-assigned managed identity.
49+
- **Reader Role**: This role is necessary to read the metadata of the resources.
50+
- **Contributor Role**: This role is required to manage the resources that the managed identity needs to access.
3751

3852
## System-assigned managed identity
3953
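
Review bot: the new "Required Roles for Managed Identities" section lists the Contributor role under both identity types without saying which resource or scope it is assigned on, so it reads as a blanket instruction to give the factory's identity broad write access. State the scope of each assignment and name the narrowest role each data store or compute needs; the unchanged bullet above already sends readers to the connector and activity articles for details, so link to those rather than prescribing Contributor everywhere. The Reader and Contributor bullets are repeated verbatim for both identity types and could be stated once, and the Managed Identity Operator bullet should say which principal receives that role. The removed line at old line 36 and the added line at new line 37 show identical text, so confirm that the only change there is whitespace or a line ending.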
