You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/synapse-analytics/security/connect-to-a-secure-storage-account.md
+4-6Lines changed: 4 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ author: ashinMSFT
5
5
ms.service: azure-synapse-analytics
6
6
ms.topic: how-to
7
7
ms.subservice: security
8
-
ms.date: 02/14/2025
8
+
ms.date: 02/05/2025
9
9
ms.author: seshin
10
10
ms.reviewer: whhender
11
11
---
@@ -32,13 +32,11 @@ If you *do* enable managed virtual network when you create the workspace, then y
32
32
33
33
Synapse operates from networks that can't be included in your network rules. Use the following steps to enable access from your workspace to your secure storage account.
34
34
35
-
1. Create an Azure Synapse workspace with a managed virtual network associated with it, and create managed private endpoints from it to the secure storage account.
36
-
37
-
If you use the Azure portal to create your workspace, you can enable **Managed virtual network** under the **Networking** tab.
35
+
1. Create an Azure Synapse workspace with a managed virtual network associated with it, and create managed private endpoints from it to the secure storage account. If you use the Azure portal to create your workspace, you can enable **Managed virtual network** under the **Networking** tab.
38
36
39
37
:::image type="content" source="media/connect-to-a-secure-storage-account/enable-managed-virtual-network-managed-private-endpoint.png" alt-text="Screenshot that shows the Manage virtual network option under the Networking tab.":::
40
38
41
-
If you enable **Managed virtual network** or if Synapse determines that the primary storage account is a secure storage account, then you have the option to **Create managed private endpoint to primary storage account**, as shown. The storage account owner needs to approve the connection request to establish the private link. Alternatively, Synapse approves this connection request if the user creating an Apache Spark pool in the workspace has sufficient privileges to approve the connection request.
39
+
1. If you enable **Managed virtual network** or if Synapse determines that the primary storage account is a secure storage account, then you have the option to **Create managed private endpoint to primary storage account**, as shown. The storage account owner needs to approve the connection request to establish the private link. Alternatively, Synapse approves this connection request if the user creating an Apache Spark pool in the workspace has sufficient privileges to approve the connection request.
42
40
43
41
1. Grant your Azure Synapse workspace access to your secure storage account as a trusted Azure service. As a trusted service, Azure Synapse then uses strong authentication to securely connect to your storage account.
44
42
@@ -54,7 +52,7 @@ Analytic capabilities such as dedicated SQL pool and serverless SQL pool use mul
54
52
55
53
1. In the Azure portal, navigate to your secured storage account and select **Networking** from the left navigation pane.
56
54
57
-
:::image type="content" source="media/connect-to-a-secure-storage-account/secured-storage-access.png" alt-text="Screenshot of the storage account network configuration.":::
55
+
:::image type="content" source="media/connect-to-a-secure-storage-account/secured-storage-access.png" alt-text="Screenshot of the storage account network configuration." lightbox="media/connect-to-a-secure-storage-account/secured-storage-access.png":::
58
56
59
57
1. In the **Resource instances** section, select *Microsoft.Synapse/workspaces* as the **Resource type** and enter your workspace name for **Instance name**. Select **Save**.
Copy file name to clipboardExpand all lines: articles/synapse-analytics/security/synapse-workspace-access-control-overview.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ author: meenalsri
5
5
ms.service: azure-synapse-analytics
6
6
ms.topic: overview
7
7
ms.subservice: security
8
-
ms.date: 02/04/2025
8
+
ms.date: 02/05/2025
9
9
ms.author: mesrivas
10
10
ms.reviewer: wiassaf
11
11
---
@@ -42,7 +42,8 @@ An Owner or Contributor can enable or disable Microsoft Entra-only authenticatio
42
42
43
43
Synapse supports two development models.
44
44
45
-
-**Synapse live development:** You develop and debug code in Synapse Studio and then *publish* it to save and execute. The Synapse service is the source of truth for code editing and execution. Any unpublished work is lost when you close Synapse Studio.
45
+
-**Synapse live development:** You develop and debug code in Synapse Studio and then *publish* it to save and execute. The Synapse service is the source of truth for code editing and execution. Any unpublished work is lost when you close Synapse Studio.
46
+
46
47
-**Git-enabled development:** You develop and debug code in Synapse Studio and *commit* changes to a working branch of a Git repo. Work from one or more branches is integrated into a collaboration branch, from where you *publish* it to the service. The Git repo is the source of truth for code editing, while the service is the source of truth for execution. Changes must be committed to the Git repo or published to the service before closing Synapse Studio. To learn more about using Synapse Analytics with Git, see [Continuous integration and delivery for an Azure Synapse Analytics workspace](../cicd/continuous-integration-delivery.md).
47
48
48
49
In both development models, any user with access to Synapse Studio can create code artifacts. However, you need additional permissions to publish artifacts to the service, read published artifacts, to commit changes to Git, to execute code, and to access linked data protected by credentials. Users must have the Azure Contributor or higher role on the Synapse workspace to configure, edit settings, and disconnect a Git repository with Synapse.
@@ -70,7 +71,7 @@ For dedicated and serverless SQL pools, data plane access is controlled using SQ
70
71
71
72
The creator of a workspace is assigned as the Active Directory Admin on the workspace. After creation, this role can be assigned to a different user or to a security group in the Azure portal.
72
73
73
-
-**Serverless SQL pools:** Synapse Administrators are granted `db_owner` (`DBO`) permissions on the serverless SQL pool, *Built-in*. To grant other users access to the serverless SQL pool, Synapse administrators need to run SQL scripts on the serverless pool.
74
+
-**Serverless SQL pools:** Synapse Administrators are granted `db_owner` (DBO) permissions on the serverless SQL pool, *Built-in*. To grant other users access to the serverless SQL pool, Synapse administrators need to run SQL scripts on the serverless pool.
74
75
75
76
-**Dedicated SQL pools:** Synapse Administrators have full access to data in dedicated SQL pools, and the ability to grant access to other users. Synapse Administrators can also perform configuration and maintenance activities on dedicated pools, except for dropping databases. Active Directory Admin permission is granted to the creator of the workspace and the workspace MSI. Permission to access dedicated SQL pools isn't otherwise granted automatically. To grant other users or groups access to dedicated SQL pools, the Active Directory Admin or Synapse Administrator must run SQL scripts against each dedicated SQL pool.
Copy file name to clipboardExpand all lines: articles/synapse-analytics/sql/load-data-overview.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,23 +4,23 @@ description: Learn how to implement a PolyBase data loading strategy for dedicat
4
4
author: joannapea
5
5
ms.author: joanpo
6
6
ms.reviewer: wiassaf
7
-
ms.date: 02/04/2025
7
+
ms.date: 02/05/2025
8
8
ms.service: azure-synapse-analytics
9
9
ms.subservice: sql
10
10
ms.topic: concept-article
11
11
---
12
12
13
13
# Design a PolyBase data loading strategy for dedicated SQL pool
14
14
15
-
Traditional SMP data warehouses use an Extract, Transform, and Load (ETL) process for loading data. Azure SQL pool is a massively parallel processing (MPP) architecture that takes advantage of the scalability and flexibility of compute and storage resources.
15
+
Traditional symmetric multiprocessing system (SMP) data warehouses use an Extract, Transform, and Load (ETL) process for loading data. Azure SQL pool is a massively parallel processing (MPP) architecture that takes advantage of the scalability and flexibility of compute and storage resources.
16
16
17
17
In contrast, an Extract, Load, and Transform (ELT) process can take advantage of built-in distributed query processing capabilities and eliminate resources needed to transform the data before loading.
18
18
19
19
While SQL pool supports many loading methods, including non-Polybase options such as bulk copy program (bcp) and SQL BulkCopy API, the fastest and most scalable way to load data is through PolyBase. PolyBase is a technology that accesses external data stored in Azure Blob storage or Azure Data Lake Storage via the Transact-SQL (T-SQL) language.
0 commit comments