search

marvinbuss / PurviewAutomation

Event-Driven Onboarding, Scanning and Classification of Data Sources and Setup of Lineage to Azure Purview.
MIT License
9 stars 11 forks source link

Feature: Add Purview MSI to Synapse SQL #6

Open marvinbuss opened 2 years ago

marvinbuss commented 2 years ago

Feature or Idea - What?

Add Purview MSI automatically to the Synapse SQL Serverless, to simplify the creation of new scans for Synapse workspaces. The steps described here need to be executed: https://docs.microsoft.com/en-us/azure/purview/register-scan-synapse-workspace#authentication-for-enumerating-serverless-sql-database-resources

CREATE LOGIN [PurviewAccountName] FROM EXTERNAL PROVIDER;

Feature or Idea - Why?

This will allow Data Governance personas to more easily create scans for the Synapse workspaces and will allow immediate insights.

marvinbuss commented 2 years ago

This is currently blocked because of the issue described here: https://github.com/MicrosoftDocs/sql-docs/issues/2323

We would have to grant each Synapse workspace DirectoryReader rights. To do that, the Function would require even higher rights. This is not expected to be acceptable for users (escalation of privileges).