So, I'm new on Azure and this may be a menial task, but I'm struggling with it.
I had setup an Azure Synapse workspace with a dedicated sql pool. I'm tasked to pause/resume the pool on schedule and I have followed a tutorial in order to do that.
I setup a pipeline with web activities that make REST requests to https://management.azure.com/ api in order to check the status of the pool and pause/resume it.
I'm using the system-assigned managed identity authentication but I get the following error
{
"errorCode": "2108",
"message": "{\"error\":{\"code\":\"AuthorizationFailed\",\"message\":\"The client 'xxxxxxxxxxxxxxxxxxxx' with object id 'xxxxxxxxxxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Synapse/workspaces/sqlPools/read' over scope '/subscriptions/xxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxxxxxx/providers/Microsoft.Synapse/workspaces/xxxxxxxxxxxxxxx/sqlPools/xxxxxxxxxxxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials.\"}}",
"failureType": "UserError",
"target": "PoolStatusCheck",
"details": []
}
I don't understand what I have to do to grant the managed identity access to the resource.
When synapse managed identity doesn't have to perform action like pause or resume then you may get above error. To resolve above error, add contributor role to workspace managed identity as follows:
Go to IAM of synapse workspace click on add select Add role assignment as shown below:
Go to Privileged administrator roles select contributor role as shown below:
Click on next select managed identity as shown below:
After successful role assignment web activity will run successfully without any error and actions like pause or resume will perform successfully with rest Api as shown below:
https://management.azure.com/subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.Synapse/workspaces/XXX/sqlPools/XXX/{Action}?api-version=2019-06-01-preview
For more information you can refer to the document.