You have an enterprise-wide Azure Data Lake Storage Gen2 account. The data lake is accessible only through an Azure virtual network named VNET1.
You are building a SQL pool in Azure Synapse that will use data from the data lake.
Your company has a sales team. All the members of the sales team are in an Azure Active Directory group named Sales. POSIX controls are used to assign the Sales group access to the files in the data lake.
You plan to load data to the SQL pool every hour.
You need to ensure that the SQL pool can load the sales data from the data lake.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. B. C. D. E. F.
Answer: ACD
A: The managed identity grants permissions to the dedicated SQL pools in the workspace.
Note: Managed identity for Azure resources is a feature of Azure Active Directory. The feature provides Azure services with an automatically managed identity in Azure AD.
https://docs.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-managed-identity
To ensure that the SQL pool can load sales data from the data lake, you should take the following three actions:
A. Create a managed identity: Managed identities are automatically managed Azure AD identities that provide a secure way to authenticate services to access resources. Create a managed identity for the SQL pool to securely access the data lake through VNET1.
C. Add the managed identity to the Sales group: Once the managed identity is created, add it to the Sales group in Azure AD. This allows the managed identity to inherit the POSIX access control permissions that the Sales group has on the data lake files.
F. Use the managed identity as the credentials for the data load process: Configure the SQL pool to use the managed identity as the credentials for the data load process. This will enable the SQL pool to securely access the data lake and load the sales data every hour.
Therefore, the correct answer options are A, C, and F.
Option B is incorrect because using a shared access signature (SAS) as the credentials for the data load process can introduce security risks, as the SAS token can be shared with others, and it might expire before the data load process completes.
Option D is incorrect because adding your Azure AD account to the Sales group doesn't make sense, as it doesn't provide any secure way to authenticate services.
Option E is also incorrect because creating a shared access signature (SAS) doesn't provide secure authentication between the SQL pool and data lake.
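The load step described in the explanation, written as a dedicated SQL pool `COPY INTO` statement that authenticates with the workspace managed identity. This is an added example, not part of the original question; the storage account name `contosodatalake`, the container and path, and the table `dbo.SalesStaging` with its columns are placeholders, and it assumes the managed identity is already a member of the Sales group.

```sql
-- Staging table for the hourly load (table and column names are constructed placeholders).
CREATE TABLE dbo.SalesStaging
(
    SaleId      BIGINT         NOT NULL,
    SaleDate    DATETIME2      NOT NULL,
    CustomerId  INT            NOT NULL,
    Amount      DECIMAL(18, 2) NOT NULL
)
WITH (DISTRIBUTION = ROUND_ROBIN, HEAP);

-- Load using the managed identity as the credential.
-- No secret is stored in the statement: the pool presents the workspace
-- identity to Azure AD, and the data lake evaluates the POSIX ACLs that the
-- identity inherits through its membership in the Sales group.
-- The account URL below is a placeholder; the dfs endpoint is used for
-- Data Lake Storage Gen2.
COPY INTO dbo.SalesStaging
FROM 'https://contosodatalake.dfs.core.windows.net/sales/hourly/*.parquet'
WITH (
    FILE_TYPE  = 'PARQUET',
    CREDENTIAL = (IDENTITY = 'Managed Identity')
);

-- For contrast, the SAS form that the explanation rejects. The token is a
-- bearer secret embedded in the statement: anyone who obtains it can use it,
-- and it stops working when it expires.
-- COPY INTO dbo.SalesStaging
-- FROM 'https://contosodatalake.dfs.core.windows.net/sales/hourly/*.parquet'
-- WITH (
--     FILE_TYPE  = 'PARQUET',
--     CREDENTIAL = (IDENTITY = 'Shared Access Signature', SECRET = '<sas-token>')
-- );
```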