You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-Update a few occurrences of user_name to sql_login_name or
sql_user_name to avoid mis-understanding.
-Add suffix 'in the master database' and 'in the user database' accordingly to avoid confusion.
Copy file name to clipboardExpand all lines: articles/synapse-analytics/sql/develop-storage-files-storage-access-control.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -275,32 +275,32 @@ To query a file located in Azure Storage, your serverless SQL pool endpoint need
275
275
276
276
To grant the ability manage credentials:
277
277
278
-
- To allow a user to create or drop a server-level credential, an administrator must grant the `ALTER ANY CREDENTIAL` permission to the user. For example:
278
+
- To allow a user to create or drop a server-level credential, an administrator must grant the `ALTER ANY CREDENTIAL` permission to the SQL login in the master database. For example:
279
279
280
280
```sql
281
-
GRANT ALTER ANY CREDENTIAL TO [user_name];
281
+
GRANT ALTER ANY CREDENTIAL TO [sql_login_name];
282
282
```
283
283
284
-
- To allow a user to create or drop a database scoped credential, an administrator must grant the `CONTROL` permission on the database to the user. For example:
284
+
- To allow a user to create or drop a database scoped credential, an administrator must grant the `CONTROL` permission on the database to the database user in the user database. For example:
285
285
286
286
```sql
287
-
GRANT CONTROL ON DATABASE::[database_name] TO [user_name];
287
+
GRANT CONTROL ON DATABASE::[database_name] TO [sql_user_name];
288
288
```
289
289
290
290
### Grant permissions to use credential
291
291
292
292
Database users who access external storage must have permission to use credentials. To use the credential, a user must have the `REFERENCES` permission on a specific credential.
293
293
294
-
To grant the `REFERENCES` permission on a server-level credential for a user, use the following T-SQL query:
294
+
To grant the `REFERENCES` permission on a server-level credential for a SQL login, use the following T-SQL query in the master database:
295
295
296
296
```sql
297
-
GRANT REFERENCES ON CREDENTIAL::[server-level_credential] TO [user];
297
+
GRANT REFERENCES ON CREDENTIAL::[server-level_credential] TO [sql_login_name];
298
298
```
299
299
300
-
To grant a `REFERENCES` permission on a database-scoped credential for a user, use the following T-SQL query:
300
+
To grant a `REFERENCES` permission on a database-scoped credential for a database user, use the following T-SQL query in the user database:
301
301
302
302
```sql
303
-
GRANTREFERENCESON DATABASE SCOPED CREDENTIAL::[database-scoped_credential] TO [user];
303
+
GRANTREFERENCESON DATABASE SCOPED CREDENTIAL::[database-scoped_credential] TO [sql_user_name];
304
304
```
305
305
306
306
## Server-level credential
@@ -554,4 +554,4 @@ These articles help you learn how query different folder types, file types, and
0 commit comments