Open Official-James opened 2 years ago
hello @aristosvo , should we use this preview API https://github.com/Azure/azure-sdk-for-go/tree/main/services/preview/synapse/mgmt/2021-06-01-preview/synapse to enable the user assigned managed identity?
I have the same issue, need to assign a UAI to the synapse workspace, once i will use this identity to be added to a AAD Group that have the Directory Readers role assigned, this role is needed to allow this identity to create LOGINS in Synapse from Azure Active Directory.
Once i am using IaC, i can't use System Assigned identity (because its created with a new ID everytime i recreate the synapse) and i will need to add this ID to the group everytime it is recreated.
I got the same issue in 2023. User-assigned Identity is a valid RBAC management model and is supported by e.g. Azure ML. Currently Terraform requires System-managed Identity, always.
The User-assigned Identity can be added to the System-managed Identity (in mixed mode), although providing duplicated RBAC permissions seems to be the case. Hence it's not optimal, especially in setups making use of complicated dependencies (chained TF deployments).
Community Note
Description
azurerm_synapse_workspace does not support UserAssigned type in the identity block
New or Affected Resource(s)
azurerm_synapse_workspace is affected when trying to use UserAssigned type rather than System Assigned
Potential Terraform Configuration
Current Error when using UserAssigned