在 Azure Synapse 专用 SQL 池中,我有以下设置:
-- a custom DB role to manage privileges
CREATE ROLE [owner];
-- there is a schema owned by this role
CREATE SCHEMA [myschema] AUTHORIZATION [owner];
-- an Azure AD group to allow its members to log in
CREATE USER [radish] FROM EXTERNAL PROVIDER;
-- the AAD group is a member of the owner role
EXEC sp_addrolemember 'owner', 'radish';
-- privileges are assigned exclusively through custom DB roles
GRANT ALTER, CONTROL on SCHEMA::[myschema] TO [owner]; …sql-server permissions active-directory azure-synapse-analytics dedicated-sql-pool