Provisioning Access Control for Azure Synapse Workspace | DP-203 Exam Study Guide
Question
Michelle is a Data Engineer for Whizlabs Inc.
She's working on setting up access control settings for the Azure Synapse workspace.
She has listed the following steps as a sequence of provisioning access control for the Azure Synapse workspace.
a.
Set up security groups.
b.
Prepare the ADLS gen2 storage account.
c.
Create and configure the Azure Synapse workspace.
d.
Set up Network security using Synapse workspace firewall.
e.
Grant the workspace MSI access to a default storage container.
f.
Assignment of SQL Active Directory Admin role.
g.
Grant Synapse admin the Azure Contributor role to the workspace.
h.
Add users to the security group.
i.
Grant access to SQL pools.
Which of the following is the right sequence of steps for providing access control to the Azure Synapse workspace?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: C.
Understanding the following sequence of assigning access control to Synapse workspace is effective for the security of Synapse workspace.
The correct sequence of steps for providing access control to the Azure Synapse workspace is:
Option D: b -> d -> a -> c -> e -> g -> f -> h -> i.
Here is the explanation for each step:
b. Prepare the ADLS gen2 storage account: Before setting up access control for the Azure Synapse workspace, the ADLS Gen2 storage account needs to be prepared as it is required for Synapse workspace.
d. Set up Network security using Synapse workspace firewall: The next step is to set up Network Security using Synapse workspace firewall. By default, the firewall is enabled and all incoming traffic is blocked except the traffic coming from Microsoft services. We need to create firewall rules to allow specific traffic to the workspace.
a. Set up security groups: Once the network security is configured, we need to set up security groups to manage access to the Synapse workspace. Security groups help manage access for multiple users at once.
c. Create and configure the Azure Synapse workspace: After setting up the security groups, we can create and configure the Azure Synapse workspace. The workspace will provide a collaborative environment for big data and analytics projects.
e. Grant the workspace MSI access to a default storage container: After the workspace is created, we need to grant the Managed Service Identity (MSI) access to a default storage container. This is necessary to allow the workspace to access the storage account.
g. Grant Synapse admin the Azure Contributor role to the workspace: To manage the workspace, we need to grant the Synapse admin the Azure Contributor role to the workspace. This role allows the admin to manage resources within the workspace.
f. Assignment of SQL Active Directory Admin role: Next, we assign the SQL Active Directory Admin role to a user or group. This role allows the user to manage the SQL Active Directory within the Synapse workspace.
h. Add users to the security group: After assigning the SQL Active Directory Admin role, we need to add users to the security group created earlier. This will allow them to access the workspace based on their permissions.
i. Grant access to SQL pools: Finally, we grant access to the SQL pools within the Synapse workspace. This will allow the users to work on the data stored in the SQL pools.
Therefore, the correct sequence of steps for providing access control to the Azure Synapse workspace is option D: b -> d -> a -> c -> e -> g -> f -> h -> i.
