'Azure Syanpse Analytics

I have a need to connect to Synapse Analytics Serverless SQL Pool database using SQL Authentication. I created a serverless SQL Pool database and created a SQL User and provided db_owner access.

Then created an external table below

IF NOT EXISTS (SELECT * FROM sys.external_file_formats 
   WHERE name = 'SynapseDeltaFormat') 
   CREATE EXTERNAL FILE FORMAT [SynapseDeltaFormat] 
   WITH ( FORMAT_TYPE = PARQUET)
GO

IF NOT EXISTS (SELECT * FROM sys.external_data_sources WHERE name = 
'test_dfs_core_windows_net') 
CREATE EXTERNAL DATA SOURCE [test_dfs_core_windows_net] 
WITH (
    LOCATION = 'abfss://test.dfs.core.windows.net' 
)
GO

CREATE EXTERNAL TABLE table_staging (
<columns here>
)
WITH (
LOCATION = 'bronze/table_staging/',
DATA_SOURCE = [test_dfs_core_windows_net],
FILE_FORMAT = [SynapseDeltaFormat]
)
GO


SELECT TOP 100 * FROM dbo.table_staging
GO

Get below error when trying to access data of the table using SQL User External table 'dbo.table_staging' is not accessible because location does not exist or it is used by another process.

Table data is accessible using AD user. Created DataSource using SQL User.

It seems like that SQL Server User does not have access to data lake/data storage. How to grant that access?

azure-synapsedelta-lake


Solution 1:[1]

Just started delta lakes myself :)

Per default the serverless sql authenticates using the user context. When you are querying from within the synapse data studio you are using your AD users context which is why you can connect to the external storage.

However for SQL users and AD users that do not have access to be able to query you need to use credentials when setting up the query.

You can finde detailed instructions here: https://docs.microsoft.com/en-us/azure/synapse-analytics/sql/develop-storage-files-storage-access-control?tabs=user-identity

You need to have way of accessing the storage - either service principal, SAS, Managed Identity

I just set up credentials using a service principal "App registration"

CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<secret>';
go

CREATE DATABASE SCOPED CREDENTIAL [credentialname] WITH
IDENTITY = '<Client-ID>@https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token' 
, SECRET = '<token>'
GO


CREATE EXTERNAL DATA SOURCE mydatasource  WITH (
    LOCATION = 'https://<storageaccount>.dfs.core.windows.net/onedatahubtest',
    CREDENTIAL = credentialname
);

CREATE VIEW MYVIEW AS
SELECT   *  
FROM OPENROWSET(
    BULK 'Example/table',
    DATA_SOURCE='mydatasource',
    FORMAT = 'delta') as rows;

And now my sql user can access the view

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Søren Kongstad

Related Questions

Data Factory/Synapse: How to merge many files?

Synapse spark job fails as input folder does not exist

Synapse external table "Unauthorized"

Error on source dataset with REST Connector in Azure Synapse pipeline

Error assigning Synapse role using Terraform

TypeError: AutoMLConfig() takes no arguments in Azure Synapse

Azure Synapse insert result of exec into a table

M2M Client Credential Flow between NetSuite and Synapse

Azure Synapse IDENTITY COLUMN; Wrong Id values based on seed

Could SSMS shows actual execution plan in Azure Synapse?

What do these different properties in SQL Server's (Azure Synapse's) Estimated Execution Plan mean?

Where to check who run pipeline in Azure Synapse

Could not create lake database from synapse notebooks

PySpark read data into Dataframe, transform in sql, then save to dataframe

Running nltk.download in Azure Synapse notebook ValueError: I/O operation on closed file