articles/synapse-analytics/sql/on-demand-workspace-overview.md
4 additions & 4 deletions
@@ -104,7 +104,7 @@ SQL on-demand offers mechanisms to secure access to your data.
104
104
105
105
### Azure Active Directory integration and multi-factor authentication
106
106
107
-
SQL on-demand enables you to centrally manage identities of database user and other Microsoft services with [Azure Active Directory integration](../../sql-database/sql-database-aad-authentication.md?toc=/azure/synapse-analytics/toc.json&bc=/azure/synapse-analytics/breadcrumb/toc.json). This capability simplifies permission management and enhances security. Azure Active Directory (AAD) supports [multi-factor authentication](../../sql-database/sql-database-ssms-mfa-authentication-configure.md?toc=/azure/synapse-analytics/toc.json&bc=/azure/synapse-analytics/breadcrumb/toc.json) (MFA) to increase data and application security while supporting a single sign-on process.
107
+
SQL on-demand enables you to centrally manage identities of database user and other Microsoft services with [Azure Active Directory integration](../../sql-database/sql-database-Azure AD-authentication.md?toc=/azure/synapse-analytics/toc.json&bc=/azure/synapse-analytics/breadcrumb/toc.json). This capability simplifies permission management and enhances security. Azure Active Directory (Azure AD) supports [multi-factor authentication](../../sql-database/sql-database-ssms-mfa-authentication-configure.md?toc=/azure/synapse-analytics/toc.json&bc=/azure/synapse-analytics/breadcrumb/toc.json) (MFA) to increase data and application security while supporting a single sign-on process.
108
108
109
109
#### Authentication
110
110
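Review bot: The AAD to Azure AD rename on new line 107 also rewrote the link target, so the first link now points at `sql-database-Azure AD-authentication.md`, a path containing a space and different from the `sql-database-aad-authentication.md` target on the removed line. Nothing in this commit renames that file, so the link to the Azure AD authentication article will break; restore the original file name in the URL and limit the rename to the visible text. While touching the line, "identities of database user" should read "identities of database users".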
@@ -116,23 +116,23 @@ SQL on-demand authentication refers to how users prove their identity when conne
116
116
117
117
-**Azure Active Directory Authentication**:
118
118
119
-
This authentication method uses identities managed by Azure Active Directory. For AAD users, multi-factor authentication can be enabled. Use Active Directory authentication (integrated security) [whenever possible](/sql/relational-databases/security/choose-an-authentication-mode?toc=/azure/synapse-analytics/toc.json&bc=/azure/synapse-analytics/breadcrumb/toc.json&view=azure-sqldw-latest).
119
+
This authentication method uses identities managed by Azure Active Directory. For Azure AD users, multi-factor authentication can be enabled. Use Active Directory authentication (integrated security) [whenever possible](/sql/relational-databases/security/choose-an-authentication-mode?toc=/azure/synapse-analytics/toc.json&bc=/azure/synapse-analytics/breadcrumb/toc.json&view=azure-sqldw-latest).
120
120
121
121
#### Authorization
122
122
123
123
Authorization refers to what a user can do within a SQL on-demand database, and is controlled by your user account's database role memberships and object-level permissions.
124
124
125
125
If SQL Authentication is used, the SQL user exists only in SQL on-demand and permissions are scoped to the objects in SQL on-demand. Access to securable objects in other services (such as Azure Storage) can't be granted to SQL user directly since it only exists in scope of SQL on-demand. The SQL user needs to use one of the [supported authorization types](develop-storage-files-storage-access-control.md#supported-storage-authorization-types) to access the files.
126
126
127
-
If AAD authentication is used, a user can sign in to SQL on-demand and other services, like Azure Storage, and can grant permissions to the AAD user.
127
+
If Azure AD authentication is used, a user can sign in to SQL on-demand and other services, like Azure Storage, and can grant permissions to the Azure AD user.
128
128
129
129
### Access to storage accounts
130
130
131
131
A user that is logged into the SQL on-demand service must be authorized to access and query the files in Azure Storage. SQL on-demand supports the following authorization types:
132
132
133
133
-**Shared access signature (SAS)** provides delegated access to resources in storage account. With a SAS, you can grant clients access to resources in storage account, without sharing account keys. A SAS gives you granular control over the type of access you grant to clients who have the SAS: validity interval, granted permissions, acceptable IP address range, acceptable protocol (https/http).
134
134
135
-
-**User Identity** (also known as "pass-through") is an authorization type where the identity of the AAD user that logged into SQL on-demand is used to authorize access to the data. Before accessing the data, Azure Storage administrator must grant permissions to AAD user for accessing the data. This authorization type uses the AAD user that logged into SQL on-demand, therefore it's not supported for SQL user types.
135
+
-**User Identity** (also known as "pass-through") is an authorization type where the identity of the Azure AD user that logged into SQL on-demand is used to authorize access to the data. Before accessing the data, Azure Storage administrator must grant permissions to Azure AD user for accessing the data. This authorization type uses the Azure AD user that logged into SQL on-demand, therefore it's not supported for SQL user types.
136
136
137
137
## Next steps
138
138
Additional information on endpoint connection and querying files can be found in the following articles:
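Review bot: On new line 127 the sentence "a user can sign in to SQL on-demand and other services, like Azure Storage, and can grant permissions to the Azure AD user" still reads as if the signing-in user grants permissions to themselves. The preceding paragraph makes the contrast that a SQL user cannot be granted access in other services, so state who grants what, for example that permissions on those services can be granted to the Azure AD user. Also, new line 119 now says "Azure AD users" but keeps "Use Active Directory authentication (integrated security)" in the same paragraph; make the terminology consistent there so readers do not take it for a different authentication method. On new line 135, "Azure Storage administrator must grant permissions to Azure AD user" is missing its articles.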