4

I have been trying to use Managed Identity to connect to Azure SQL Database from Azure Data factory.
Steps are as follow:

  1. Created a Linked Service and selected Managed Identity as the Authentication Type
  2. On SQL Server, added Managed Identity created for Azure Data Factory as Active Directory Admin

The above steps let me do all data operations on the database. Actually that is the problem. I want to restrict the privileges given to Azure Data Factory on my SQL database.

First, let me know whether I have followed the correct steps to set up the managed identity. Then, how to limit privileges because I don't want data factory to do any DDL on SQL database.

Improve this question
2
  • 1
    Restrict the permissions to the user (ADF MI in this case) to db_datareader on the target database to limit the privileges. You can do this via ALTER ROLE command. Commented Aug 25, 2020 at 18:18
  • I update my answer,you can have a try.If you have any doubt,please feel free to ask. Commented Aug 26, 2020 at 5:23

1 Answer 1

Reset to default
9

As Raunak comments,you should change the role to db_datareader.

In you sql database,run this sql:

CREATE USER [your Data Factory name] FROM EXTERNAL PROVIDER;

and this sql:

ALTER ROLE db_datareader ADD MEMBER [your Data Factory name];

You can find '[your Data Factory name]' here enter image description here

Then you do any DDL operation in Data Factory,you will the error like this:

"errorCode": "2200",
"message": "ErrorCode=SqlOperationFailed,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=A database operation failed. Please search error to get more details.,Source=Microsoft.DataTransfer.ClientLibrary,''Type=System.Data.SqlClient.SqlException,Message=The INSERT permission was denied on the object

Update:

1.Search for and select SQL server in azure portal enter image description here

2.select you and save as admin enter image description here

3.click the button and run two sql in sql database. enter image description here

More details,you can refer to this documentation.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks Steve for the detailed answer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.