Synapse MSI default granted role

[jpdfr-msft]

Hello,

When creating a Synapse workload an MSI is attached to the workspace as described in this document. It is said for the pipeline management.

However by default it gets Cloud Application Administrator and Application Administrator administrator. Q1/ Can you explain these needs ?

Q2/ In a Zero Trust Approach, what should be the minimal roles that this MSI should have to be able to work ?

Thanks

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 2a4091a2-bbee-4b35-490e-7025f5d658c5
• Version Independent ID: ce97a67a-5d1f-21c6-9fff-82fed7e41a96
• Content: Managed identity in Synapse workspace - Azure Synapse Analytics
• Content Source: articles/synapse-analytics/security/synapse-workspace-managed-identity.md
• Service: synapse-analytics
• Sub-service: security
• GitHub Login: @RonyMSFT
• Microsoft Alias: ronytho

[CHEEKATLAPRADEEP-MSFT]

@jpdfr-msft Thanks for the question! We are investigating and will update you shortly.

[bandersmsft]

Thanks for your dedication to our documentation. Unfortunately, at this time we have been unable to review your issue in a timely manner and we sincerely apologize for the delayed response. We are closing this issue for now, but if you feel that it's still a concern, please respond and let us know. If you determine another possible update to our documentation, please don't hesitate to reach out again. #please-close