You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/synapse-analytics/synapse-link/how-to-query-analytical-store-spark-3.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -86,7 +86,7 @@ df.show(10)
86
86
87
87
#### Access token authentication requires role assignment
88
88
89
-
To use the access token approach, you need to generate access tokens. Since access tokens are associated with azure identities, correct role-based access control (RBAC) must be assigned to the identity. The role assignment is on data plane level, and you must have minimum control plane permissions to perform the role assignment. Click [here](https://learn.microsoft.com/azure/cosmos-db/nosql/security/how-to-grant-data-plane-role-based-access) for more information.
89
+
To use the access token approach, you need to generate access tokens. Since access tokens are associated with azure identities, correct role-based access control (RBAC) must be assigned to the identity. The role assignment is on data plane level, and you must have minimum control plane permissions to perform the role assignment. Click [here](./articles/cosmos-db/nosql/security/how-to-grant-data-plane-role-based-access.md) for more information.
90
90
91
91
The Identity Access Management (IAM) role assignments from azure portal are on control plane level and don't affect the role assignments on data plane. Data plane role assignments are only available via Azure CLI. The `readAnalytics` action is required to read data from analytical store in Cosmos DB and is not part of any predefined roles. As such we must create a custom role definition. In addition to the `readAnalytics` action, also add the actions required for Data Reader. Create a JSON file with the following content and name it role_definition.json
92
92
@@ -121,7 +121,7 @@ The Identity Access Management (IAM) role assignments from azure portal are on c
121
121
122
122
#### Generating the access token - Synapse Notebooks
123
123
124
-
The recommended method for Synapse Notebooks is to use service principal with a certificate to generate access tokens. Click [here](https://learn.microsoft.com/azure/synapse-analytics/spark/apache-spark-secure-credentials-with-tokenlibrary) for more information.
124
+
The recommended method for Synapse Notebooks is to use service principal with a certificate to generate access tokens. Click [here](../spark/apache-spark-secure-credentials-with-tokenlibrary.md) for more information.
125
125
126
126
```scala
127
127
The following code snippet has been validated to work in a Synapse notebook
@@ -140,7 +140,7 @@ Now you can use the access token generated in this step to read data from analyt
140
140
> When using an Azure App registration, use the application (Client Id).
141
141
142
142
> [!Note]
143
-
> Currently, Synapse doesn’t support generating access tokens using the azure-identity package in notebooks. Furthermore, synapse VHDs don’t include azure-identity package and its dependencies. Click [here](https://learn.microsoft.com/azure/synapse-analytics/synapse-service-identity) for more information.
143
+
> Currently, Synapse doesn’t support generating access tokens using the azure-identity package in notebooks. Furthermore, synapse VHDs don’t include azure-identity package and its dependencies. Click [here](../spark/synapse-service-identity.md) for more information.
0 commit comments