> Azure Synapse Analytics (Workspaces) is currently in public preview.
10
+
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
11
+
> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
articles/synapse-analytics/overview-cheat-sheet.md
Lines changed: 2 additions & 0 deletions
@@ -13,6 +13,8 @@ ms.reviewer: jrasnick
13
13
14
14
# Azure Synapse Analytics cheat sheet
15
15
16
+
[!INCLUDE [preview](includes/note-preview.md)]
17
+
16
18
The Azure Synapse Analytics cheat sheet will guide you through the basic concepts of the service and important commands. This article will be helpful for both new learners and those who want highlights of the essential Azure Synapse topics.
articles/synapse-analytics/overview-what-is.md
Lines changed: 3 additions & 1 deletion
@@ -11,7 +11,9 @@ ms.author: saveenr
11
11
ms.reviewer: jrasnick
12
12
---
13
13
14
-
# What is Azure Synapse
14
+
# What is Azure Synapse Analytics (workspaces)
15
+
16
+
[!INCLUDE [preview](includes/note-preview.md)]
15
17
16
18
Today enterprise analytics requires operating at massive scale on any kind of data--raw, refined, or highly curated. To build these kinds of analytics solutions, enterprises have needed to stitch together big data and data warehousing technologies such as Spark and SQL. Then integrate them into rich data pipelines that work across data in relational stores and data lakes. Solutions like this are difficult to build, configure, secure, and maintain and delay enterprises from quickly getting the insights they need.
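Review bot: The new heading in overview-what-is.md writes the product name as "Azure Synapse Analytics (workspaces)" with a lower-case w, while the preview note text shown for this commit writes "Azure Synapse Analytics (Workspaces)". Pick one casing and use it in both the heading and the included note, so the title and the banner directly beneath it agree.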
articles/synapse-analytics/security/how-to-connect-to-workspace-with-private-links.md
Lines changed: 16 additions & 14 deletions
@@ -10,40 +10,42 @@ ms.reviewer: jrasnick
10
10
---
11
11
12
12
# Connect to your Azure Synapse workspace using private links (preview)
13
+
13
14
This article will teach you how to create private endpoint to your Azure Synapse workspace. See [private links and private endpoints](https://docs.microsoft.com/azure/private-link/) to learn more.
14
15
15
16
## Step 1: Open your Azure Synapse workspace in Azure portal
16
-
Select **Private endpoint connection** under **Security** and then select **+ Private endpoint**.
17
-

17
+
18
+
Select **Private endpoint connection** under **Security** and then select **+ Private endpoint**.
19
+

18
20
19
21
## Step 2: Select your subscription and region details
20
-
Under the **Basics** tab in the **Create a private endpoint** window, choose your **Subscription** and **Resource Group**. Give a **Name** to the private endpoint that you want to create. Select the **Region** where you want the private endpoint created.
21
22
22
-
Private endpoints are created in a subnet. The subscription, resource group, and region selected filter the private endpoint subnets. Select **Next: Resource >** when done.
23
-

23
+
Under the **Basics** tab in the **Create a private endpoint** window, choose your **Subscription** and **Resource Group**. Give a **Name** to the private endpoint that you want to create. Select the **Region** where you want the private endpoint created.
24
24
25
+
Private endpoints are created in a subnet. The subscription, resource group, and region selected filter the private endpoint subnets. Select **Next: Resource >** when done.
26
+

25
27
26
28
## Step 3: Select your Azure Synapse workspace details
27
-
Select **Connect to an Azure resource in my directory** in the **Resource** tab. Select the **Subscription** that contains your Azure Synapse workspace. The **Resource type** for creating private endpoints to an Azure Synapse workspace is *Microsoft.Synapse/workspaces*.
29
+
30
+
Select **Connect to an Azure resource in my directory** in the **Resource** tab. Select the **Subscription** that contains your Azure Synapse workspace. The **Resource type** for creating private endpoints to an Azure Synapse workspace is *Microsoft.Synapse/workspaces*.
28
31
29
32
Select your Azure Synapse workspace as the **Resource**. Every Azure Synapse workspace has three **Target sub-resource** that you can create a private endpoint to: Sql, SqlOnDemand, and Dev.
30
33
31
34
Select **Next: Configuration>** to advance to the next part of the setup.
32
-

33
-
35
+

34
36
35
-
In the **Configuration** tab, select the **Virtual network** and the **Subnet** in which the private endpoint should be created. You also need to create a DNS record that maps to the private endpoint.
37
+
In the **Configuration** tab, select the **Virtual network** and the **Subnet** in which the private endpoint should be created. You also need to create a DNS record that maps to the private endpoint.
36
38
39
+
Select **Yes** for **Integrate with private DNS zone** to integrate your private endpoint with a private DNS zone. If you don't have a private DNS zone associated with your VNet, then a new private DNS zone is created. Select **Review + create** when done.
37
40
38
-
Select **Yes** for **Integrate withprivate DNS zone** to integrate your privateendpoint with a private DNS zone. If you don't have a private DNS zone associated with your VNet, then a new private DNS zone is created. Select **Review + create** when done.
41
+

39
42
40
-

43
+
When the deployment is complete, open your Azure Synapse workspace in Azure portal and select **Private endpoint connections**. The new privateendpoint and private endpoint connection name associated to the private endpoint are shown.
41
44
42
-
When the deployment is complete, open your Azure Synapse workspace in Azure portal and select **Private endpoint connections**. The new private endpoint and private endpoint connection name associated to the private endpoint are shown.
43
-
44
-

45
+

45
46
46
47
## Next steps
48
+
47
49
Learn more about [Managed workspace VNet](./synapse-workspace-managed-vnet.md)
48
50
49
51
Learn more about [Managed private endpoints](./synapse-workspace-managed-private-endpoints.md)
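Review bot: The re-added closing paragraph introduces a typo that the removed line did not have: "The new privateendpoint and private endpoint connection name" should read "The new private endpoint and private endpoint connection name". The same hunk corrects "withprivate" and "privateendpoint" in the private DNS zone paragraph, so the fix and the regression look like they were swapped between the two lines. Separately, the **Configuration** tab paragraphs (virtual network, subnet, private DNS zone) still sit under the Step 3 heading; giving them their own step heading would match the numbered structure of Steps 1 to 3.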
articles/synapse-analytics/security/how-to-create-managed-private-endpoints.md
Lines changed: 10 additions & 7 deletions
@@ -14,28 +14,31 @@ ms.reviewer: jrasnick
14
14
This article will teach you how to create a Managed private endpoint to your data source in Azure. See [Managed private endpoints](./synapse-workspace-managed-private-endpoints.md) to learn more.
15
15
16
16
## Step 1: Open your Azure Synapse workspace in Azure portal
17
+
17
18
You can create a Managed private endpoint to your data source from Azure Synapse Studio. Select the **Overview** tab in Azure portal and select **Launch Synapse Studio**.
## Step 2: Navigate to the Managed Virtual Networks tab in Synapse Studio
21
22
22
23
In Azure Synapse Studio, select the **Manage** tab from the left navigation. Select **Managed Virtual Networks** and then select **+ New**.
23
-

24
+

24
25
25
26
## Step 3: Select the data source type
27
+
26
28
Select the data source type. In this case, the target data source is an ADLS gen2 account. Select **Continue**.
27
-

29
+

28
30
29
31
## Step 4: Enter information about the data source
32
+
30
33
In the next window, enter information about the data source. In this example, we're creating a Managed private endpoint to an ADLS gen2 account. Enter a **Name** for the Managed private endpoint. Provide an **Azure subscription** and a **Storage account name**. Select **Create**.
31
-

34
+

32
35
33
36
## Step 5: Verify that your Managed private endpoint was successfully created
34
-
After submitting the request, you'll see its status. To verify the successful creation of your Managed private endpoint was created, check its *Provisioning State*. You may need to wait 1 minute and select **Refresh** to update the provisioning state. You can see that the Managed private endpoint to the ADLS gen2 account was successfully created.
35
37
36
-
You can also see that the *Approval State* is *Pending*. The owner of the target resource can approve or deny the private endpoint connection request. If the owner approves the private endpoint connection request, then a private link is established. If denied, then a private link isn't established.
After submitting the request, you'll see its status. To verify the successful creation of your Managed private endpoint was created, check its *Provisioning State*. You may need to wait 1 minute and select **Refresh** to update the provisioning state. You can see that the Managed private endpoint to the ADLS gen2 account was successfully created.
38
39
40
+
You can also see that the *Approval State* is *Pending*. The owner of the target resource can approve or deny the private endpoint connection request. If the owner approves the private endpoint connection request, then a private link is established. If denied, then a private link isn't established.
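Review bot: In Step 5 the status paragraph appears on both the removed and the re-added side with identical wording, so "To verify the successful creation of your Managed private endpoint was created, check its *Provisioning State*" is still ungrammatical after this change. Since the line is being touched anyway, suggest "To verify that your Managed private endpoint was created, check its *Provisioning State*." The paragraph also states that the endpoint "was successfully created" before the next paragraph explains that the *Approval State* is still *Pending*; a short clause making clear that provisioning succeeded but the private link is not established until the target resource owner approves would avoid readers assuming connectivity at this point.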
articles/synapse-analytics/security/how-to-grant-workspace-managed-identity-permissions.md
Lines changed: 33 additions & 23 deletions
@@ -15,93 +15,103 @@ ms.reviewer: jrasnick
15
15
This article teaches you how to grant permissions to the managed identity in Azure synapse workspace. Permissions, in turn, allow access to SQL pools in the workspace and ADLS gen2 storage account through the Azure portal.
16
16
17
17
>[!NOTE]
18
-
>This workspace managed identity will be referred to as managed identity through the rest of this document.
18
+
>This workspace managed identity will be referred to as managed identity through the rest of this document.
19
19
20
20
## Grant the managed identity permissions to the SQL pool
21
+
21
22
The managed identity grants permissions to the SQL pools in the workspace. With permissions granted, you can orchestrate pipelines that perform SQL pool-related activities. When you create an Azure Synapse workspace using Azure portal, you can grant the managed identity CONTROL permissions on SQL pools.
22
23
23
-
Select **Security + networking** when you're creating your Azure Synapse workspace. Then select **Grant CONTROL to the workspace's managed identity on SQL pools**.
24
+
Select **Security + networking** when you're creating your Azure Synapse workspace. Then select **Grant CONTROL to the workspace's managed identity on SQL pools**.
24
25
25
-

26
+

26
27
27
28
## Grant the managed identity permissions to ADLS gen2 storage account
28
-
An ADLS gen2 storage account is required to create an Azure Synapse workspace. To successfully launch Spark pools in Azure Synapse workspace, the Azure Synapse managed identity needs the *Storage Blob Data Contributor* role on this storage account . Pipeline orchestration in Azure Synapse also benefits from this role.
29
+
30
+
An ADLS gen2 storage account is required to create an Azure Synapse workspace. To successfully launch Spark pools in Azure Synapse workspace, the Azure Synapse managed identity needs the *Storage Blob Data Contributor* role on this storage account . Pipeline orchestration in Azure Synapse also benefits from this role.
29
31
30
32
### Grant permissions to managed identity during workspace creation
33
+
31
34
Azure Synapse will attempt to grant the Storage Blob Data Contributor role to the managed identity after you create the Azure Synapse workspace using Azure portal. You provide the ADLS gen2 storage account details in the **Basics** tab.
32
35
33
-

36
+

34
37
35
-
Choose the ADLS gen2 storage account and filesystem in **Account name** and **File system name**.
38
+
Choose the ADLS gen2 storage account and filesystem in **Account name** and **File system name**.
36
39
37
-

40
+

38
41
39
42
If the workspace creator is also **Owner** of the ADLS gen2 storage account, then Azure Synapse will assign the *Storage Blob Data Contributor* role to the managed identity. You'll see the following message below the storage account details that you entered.
40
43
41
-

44
+

42
45
43
46
If the workspace creator isn't the owner of the ADLS gen2 storage account, then Azure Synapse doesn't assign the *Storage Blob Data Contributor* role to the managed identity. The message appearing below the storage account details notifies the workspace creator that they don't have sufficient permissions to grant the *Storage Blob Data Contributor* role to the managed identity.
44
47
45
-

48
+

46
49
47
50
As the message states, you can't create Spark pools unless the *Storage Blob Data Contributor* is assigned to the managed identity.
48
51
49
52
### Grant permissions to managed identity after workspace creation
53
+
50
54
During workspace creation, if you don't assign the *Storage Blob Data contributor* to the managed identity, then the **Owner** of the ADLS gen2 storage account manually assigns that role to the identity. The following steps will help you to accomplish manual assignment.
51
55
52
56
#### Step 1: Navigate to the ADLS gen2 storage account in Azure portal
57
+
53
58
In Azure portal, open the ADLS gen2 storage account and select **Overview** from the left navigation. You'll only need to assign The *Storage Blob Data Contributor* role at the container or filesystem level. Select **Containers**.
The managed identity should have data access to the container (file system) that was provided when the workspace was created. You can find this container or file system in Azure portal. Open the Azure Synapse workspace in Azure portal and select the **Overview** tab from the left navigation.
The managed identity should have data access to the container (file system) that was provided when the workspace was created. You can find this container or file system in Azure portal. Open the Azure Synapse workspace in Azure portal and select the **Overview** tab from the left navigation.
The managed identity's name is also the workspace name. Search for your managed identity by entering you Azure Synapse workspace name in **Select**. You should see the managed identity listed.
87
97
88
-

98
+

89
99
90
100
#### Step 8: Select the managed identity
91
101
92
102
Select the managed identity to the **Selected members**. Select **Save** to add the role assignment.
93
103
94
-

104
+

95
105
96
106
#### Step 9: Verify that the Storage Blob Data Contributor role is assigned to the managed identity
97
107
98
108
Select **Access Control(IAM)** and then select **Role assignments**.
99
109
100
-

110
+

101
111
102
112
You should see your managed identity listed under the **Storage Blob Data Contributor** section with the *Storage Blob Data Contributor* role assigned to it.
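Review bot: In the "Grant the managed identity permissions to ADLS gen2 storage account" paragraph, the re-added line still carries the stray space before the period in "role on this storage account ." that the removed line had; drop the space while the line is being rewritten. Two more typos sit in unchanged context of this hunk and could be fixed in the same pass: "*Storage Blob Data contributor*" (lower-case c, where every other mention uses "Contributor") and "entering you Azure Synapse workspace name" (should be "your").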