Merge pull request #115126 from jovanpop-msft/patch-168

v-shils · web-flow · commit 512d66288181 · 2020-05-13T11:10:41.000-07:00
Update develop-openrowset.md
diff --git a/articles/synapse-analytics/sql/develop-openrowset.md b/articles/synapse-analytics/sql/develop-openrowset.md
@@ -50,7 +50,7 @@ A database user must have `ADMINISTER BULK OPERATIONS` permission to use the `OP
 The storage administrator must also enable a user to access the files by providing valid SAS token or enabling Azure AD principal to access storage files. Learn more about storage access control in [this article](develop-storage-files-storage-access-control.md).
 
 `OPENROWSET` use the following rules to determine how to authenticate to storage:
-- In `OPENROWSET` with `DATA_SOURCE` authentication mechanism depends on caller type.
+- In `OPENROWSET` without `DATA_SOURCE` authentication mechanism depends on caller type.
   - AAD logins can access files only using their own [Azure AD identity](develop-storage-files-storage-access-control.md?tabs=user-identity#supported-storage-authorization-types) if Azure storage allows the Azure AD user to access underlying files (for example, if the caller has Storage Reader permission on storage) and if you [enable Azure AD passthrough authentication](develop-storage-files-storage-access-control.md#force-azure-ad-pass-through) on Synapse SQL service.
   - SQL logins can also use `OPENROWSET` without `DATA_SOURCE` to access publicly available files, files protected using SAS token or Managed Identity of Synapse workspace. You would need to [create server-scoped credential](develop-storage-files-storage-access-control.md#examples) to allow access to storage files. 
 - In `OPENROWSET` with `DATA_SOURCE` authentication mechanism is defined in database scoped credential assigned to the referenced data source. This option enables you to access publicly available storage, or access storage using SAS token, Managed Identity of workspace, or [Azure AD identity of caller](develop-storage-files-storage-access-control.md?tabs=user-identity#supported-storage-authorization-types) (if caller is Azure AD principal). If `DATA_SOURCE` references Azure storage that is not public, you would need to [create database-scoped credential](develop-storage-files-storage-access-control.md#examples) and reference it in `DATA SOURCE` to allow access to storage files.
