Exam DP203 Serverless SQL Pool Authentication: Difference between revisions

From MillerSql.com
← Older editNewer edit →
VisualWikitext
NeilM (talk | contribs)
1,601 edits
No edit summary
NeilM (talk | contribs)
1,601 edits
No edit summary
Line 7: Line 7:


== Access to storage accounts ==
== Access to storage accounts ==
If a user of either type (above) needs to access files in Azure Storage, or Azure Gen2, they must have one of the following permissions:
If a user of either type (above) needs to access files in Azure Storage, or Azure Gen2, they must have one of the following permissions to be set up on the Azure Storage and referenced by the user I think:


# Anonymous access
# Anonymous access
Line 13: Line 13:
# Managed Identity.
# Managed Identity.
# User Identity
# User Identity
== Anonymous access ==
To access publicly available files placed on Azure storage accounts that allow anonymous access.
== Shared Access Signature (SAS) ==
With a SAS, you can grant clients access to resources in storage account, without sharing account keys.
== Managed Identity ==
Part of Microsoft Entra ID. Analogous to domain groups.
== User Identity ==
Part of Microsoft Entra ID. Analogous to domain users.

Revision as of 23:30, 16 November 2024

Serverless SQL Pool Authentication

Two types of authentication are supported:

  • SQL Authentication (username and password). Only within the Serverless SQL Pool.
  • Microsoft Entra authentication. Global reach within Azure.

Authorization refers to what a user can do within a serverless SQL pool database and is controlled by your user account's database role memberships and object-level permissions.

Access to storage accounts

If a user of either type (above) needs to access files in Azure Storage, or Azure Gen2, they must have one of the following permissions to be set up on the Azure Storage and referenced by the user I think:

  1. Anonymous access
  2. Shared access signature (SAS)
  3. Managed Identity.
  4. User Identity

Anonymous access

To access publicly available files placed on Azure storage accounts that allow anonymous access.

Shared Access Signature (SAS)

With a SAS, you can grant clients access to resources in storage account, without sharing account keys.

Managed Identity

Part of Microsoft Entra ID. Analogous to domain groups.

User Identity

Part of Microsoft Entra ID. Analogous to domain users.

Retrieved from ‘https://wiki.millersql.com/wiki/index.php?title=Exam_DP203_Serverless_SQL_Pool_Authentication&oldid=1053