Enable Access to the Container
The Azure Synapse SQL destination uses the COPY command to bulk load files from the staging area to Azure Synapse.
To execute the COPY command, the destination must have read and write access to the
container used to stage the data. You enable container access differently depending on
the connection used for the task and the authentication used for the connection:
- Staging connection
- By default, the destination uses the authentication defined in the staging
connection to access the container and perform the copy. The
access required for the connection depends on the authentication method that
you use:
- Azure Active Directory with Service Principal - The minimum required RBAC roles are Storage Blob Data Contributor, Storage Blob Data Owner, or Storage Blob Data Reader.
- Storage Account Key - No permissions are required.
- Copy statement connection
- When you enable the use of a copy
statement connection, the destination uses the authentication
defined in the copy statement connection to connect to the container and
issue the COPY command. The access required for the connection depends on
the authentication method that you use:
- Azure Active Directory User - The minimum required RBAC roles are Storage Blob Data Contributor or Storage Blob Data Owner for the storage account.
- Azure Active Directory with Service Principal - The minimum required RBAC roles are Storage Blob Data Contributor, Storage Blob Data Owner, or Storage Blob Data Reader.
- Managed Identity - The minimum required RBAC roles are Storage Blob Data Contributor or Storage Blob Data Owner for the AAD-registered SQL database server.
- Shared Access Signature (SAS) - The minimum required permissions are Read and List.
- Storage Account Key - No permissions are required.