Exam DP203 Serverless SQL Pool Authentication

From MillerSql.com
Revision as of 23:30, 16 November 2024 by NeilM (talk | contribs)

Serverless SQL Pool Authentication

Two types of authentication are supported:

  • SQL Authentication (username and password). Only within the Serverless SQL Pool.
  • Microsoft Entra authentication. Global reach within Azure.

Authorization refers to what a user can do within a serverless SQL pool database and is controlled by your user account's database role memberships and object-level permissions.

Access to storage accounts

If a user of either type (above) needs to access files in Azure Storage, or Azure Gen2, they must have one of the following permissions to be set up on the Azure Storage and referenced by the user I think:

  1. Anonymous access
  2. Shared access signature (SAS)
  3. Managed Identity.
  4. User Identity

Anonymous access

To access publicly available files placed on Azure storage accounts that allow anonymous access.

Shared Access Signature (SAS)

With a SAS, you can grant clients access to resources in storage account, without sharing account keys.

Managed Identity

Part of Microsoft Entra ID. Analogous to domain groups.

User Identity

Part of Microsoft Entra ID. Analogous to domain users.

Retrieved from ‘https://wiki.millersql.com/wiki/index.php?title=Exam_DP203_Serverless_SQL_Pool_Authentication&oldid=1053