需要从 Azure 数据工厂连接 Azure Sql db,使用 userManagedIdentity 作为身份验证方法限制在模式级别
[英]Need to Connect Azure Sql db from Azure Data Factory,restricted at Schema Level using userManagedIdentity as Authentication Method
问题描述
I have a successful connection from Azure data Factory to my Azure Sql db.And I have set the AAD Admin as myself and also the UserManagedIdentity from the portal.
我从 Azure 数据工厂成功连接到我的 Azure Sql db。我已将 AAD Admin 设置为我自己,还设置了门户中的 UserManagedIdentity。
Now whoever use that UserManagedidentity in ADF can access the entire Sql DB.I need to restrict the access at Schema level, like X people should have access to X tables and Y people should have access to Y Tables.现在,无论谁在 ADF 中使用该 UserManagedidentity,都可以访问整个 Sql 数据库。我需要在架构级别限制访问权限,例如 X 人应该访问 X 表,Y 人应该访问 Y 表。
So how can we achieve this through usermangedIdentity,Can we set Schema level permissions via usermanagedidentity?那么如何通过usermangedIdentity来实现,是否可以通过usermanagedidentity来设置Schema级别的权限呢?
2 个解决方案
解决方案1
0 2023-02-01 16:09:10
The managed identity has a corresponding user in SQL, so limit their permissions are you would any other user or group.托管身份在 SQL 中有一个相应的用户,因此限制他们的权限是您对任何其他用户或组的权限。
ie: GRANT SELECT ON Employees TO UserManagedIdentity;即:GRANT SELECT ON Employees TO UserManagedIdentity;
解决方案2
0 2023-02-02 04:07:14
Admin overrides all other restrictions.管理员覆盖所有其他限制。 So as long as a user is part of Server admin, he/she can have the entire access.因此,只要用户是服务器管理员的一部分,他/她就可以拥有全部访问权限。 For your use case, you would need to remove the managed identity from the admin group DL, create a new user within the database and grant the new user required access对于您的用例,您需要从管理员组 DL 中删除托管身份,在数据库中创建一个新用户并授予新用户所需的访问权限
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.