请连接到SQL MI需要确切的权限 [英] Exact privs needed for Connecting to SQL MI please
问题描述
首先 - 很好的添加SQL托管实例支持,非常感谢。
First off - great job adding SQL Managed Instance support, big THANK YOU.
在Azure数据工厂中选择SQL托管实例时,我想知道所需的私有访问权限最少。 我们确实发现SQL MI资源组的贡献者为用户工作但是Network Contributor和Data Factory Contributor
不起作用。
我们正在为所有需要完成设置ADF集成到Azure数据仓库的过程的所有学生座席使用单个SQL MI创建100名学生的培训。 ;我们希望最小化中央SQL
MI实例上的privs(和潜在的中断)。
In Azure Data Factory when selecting a SQL Managed Instance I would like to know the least priv access needed. Curently we found that contributor on the SQL MI resource group worked for the user however Network Contributor and Data Factory Contributor
didn't work.
We are creating training for 100 students using a single SQL MI for all student seats who need to go through the process of setting up ADF integration to Azure Data Warehouse. We want to minimize the privs (and potential disruption) on the central SQL
MI instance.
权限不足的用户收到此帖子底部的错误消息,该消息需要两个
Users with insufficient privs get the error message at the bottom of this post which hits at needing both
- Microsoft.DataFactory / factories / integrationruntimes / write
- 某些网络加入/操作链接范围priv
机器生成的替代文本:
无法保存MyFirstIntegrationRuntimerg999999。错误:无法保存集成
运行时。客户
test999999@cloudpIat.onrnicrosoft.corn'与
对象ID'6f8cd12f-17ab -47c7-9808-384227999999'有权执行<
action'Microsoft.DataFactory / factories / integrationruntimes / write•on scope
'/ subscripti ons / e204f082-7cSO- 42fe-b6bc-
7d98a2999999 / resourcegroups / rg8S8034 / providers MicrosoftDataFactory / factorie
s / integrationruntimes / MyFirstIntegrationRuntimerg999999
但是,它没有权限在链接的
范围内执行操作"加入/操作"" subscriptions / e204f082-7c50-42fe-b6bc-
7d98a2999999 / resourceGroups / our-shared-SQLMl / providers / MicrosoftNetL'ork / virtualNeWorks / our-VNET-Shared
Machine generated alternative text:
Failed to save MyFirstIntegrationRuntimerg999999. Error: Failed to save integration
runtime. The client
test999999@cloudpIat.onrnicrosoft.corn' with
object id '6f8cd12f-17ab-47c7-9808-384227999999' has permission to perform
action 'Microsoft.DataFactory/factories/integrationruntimes/write• on scope
'/subscripti ons/e204f082-7cSO-42fe-b6bc-
7d98a2999999/resourcegroups/rg8S8034/providers MicrosoftDataFactory/factorie
s/integrationruntimes/MyFirstIntegrationRuntimerg999999
however, It does not have permission to perform action 'join/action• on the linked
scope(s) '"subscriptions/e204f082-7c50-42fe-b6bc-
7d98a2999999/resourceGroups/our-shared-SQLMl/providers/MicrosoftNetL'ork/virtualNeWorks/our-VNET-Shared
推荐答案
您好Knight21024,
Hi Knight21024,
为数据工厂创建和管理子资源 - 包括数据集,链接服务,管道,触发器和集成运行时 - 以下要求适用:
To create and manage child resources for Data Factory - including datasets, linked services, pipelines, triggers, and integration runtimes - the following requirements are applicable:
- 要在Azure门户中创建和管理子资源,必须属于资源组级别或以上的数据工厂贡献者角色。
- 要使用PowerShell或SDK创建和管理子资源,资源级别或更高级别的贡献者角色就足够了。
有关详细信息,请参阅" Azure数据工厂的角色和权限"。
For more details, refer "Roles and permissions for Azure Data Factory".
希望这会有所帮助。
这篇关于请连接到SQL MI需要确切的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
