In this blog, we are going to cover Azure Synapse encryption, column-level and row-level security in Azure Synapse Analytics, and using Azure Key Vault for secrets when creating linked services.
Topics we’ll cover:
- Azure Synapse Encryption
- Column and Row-level Security In Azure Synapse Analytics
- Use Azure Key Vault for secrets when creating Linked Services
Azure Synapse Encryption
Azure Synapse Analytics (ASA) is a powerful solution that handles security for many of the resources that it creates and manages. In order to run ASA, however, some foundational security measures need to be put in place to ensure the infrastructure that it relies upon is secure.
Column and Row-Level Security In Azure Synapse Analytics
Prerequisites
- You should have an Azure subscription.
- You should have your lab environment set up for the labs.
Note: If you have created the Synapse Workspace directly without doing the lab setup then you can get all the scripts from here: https://docs.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/column-level-security?view=sql-server-ver15
1.) Column level Security In Azure Synapse Analytics
Column-level security simplifies the design and coding of security in your application. It lets you restrict column access to protect sensitive data. For instance, you may want to ensure that a specific user, 'User1', can access only certain columns of a table because he is in a specific department.
The logic that limits 'User1' to the columns specified for his department lives in the database tier rather than in the application-level data tier. Whichever tier he accesses the data from, the database applies the access restriction every time he tries to access it.
Column-level security is implemented with the GRANT T-SQL statement. With this mechanism, both SQL authentication and Azure Active Directory (AAD) authentication are supported.
1. Open the Azure portal, search for Azure Synapse Analytics, and create the workspace.
2. In Azure Synapse Studio, select Develop from the left menu.
3. From the Develop menu, expand the SQL scripts section, and select Lab Column Level Security.
4. In the toolbar menu, connect to the database on which you want to execute the query, SQLPool01.
5. In the query window, run each step individually by highlighting the statement(s) for the step and selecting the Run button from the toolbar (or pressing F5).
6. You may now close the script tab. When prompted, choose Discard all changes.
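The column grant described above, as an added example that is not the lab's own script. The table dbo.Employee, its columns and the sample row are constructed, and User1 is created without a login purely to test the permissions; run the statements one step at a time in a dedicated SQL pool.

```sql
-- Added example: dbo.Employee, its columns and the row are constructed.
CREATE TABLE dbo.Employee
(
    EmployeeID  int           NOT NULL,
    FullName    varchar(100)  NOT NULL,
    Department  varchar(50)   NOT NULL,
    Salary      decimal(10,2) NOT NULL,   -- sensitive
    NationalID  char(9)       NOT NULL    -- sensitive
);

INSERT INTO dbo.Employee VALUES (1, 'Constructed Name', 'Sales', 50000.00, '000000000');

-- Database user with no login, used only to test the grant.
CREATE USER User1 WITHOUT LOGIN;

-- Column-level grant: User1 may read only the non-sensitive columns.
-- No table-wide SELECT is granted, so the column list is the whole allowance.
GRANT SELECT ON dbo.Employee (EmployeeID, FullName, Department) TO User1;

-- Impersonate User1 to check the restriction from the database tier.
EXECUTE AS USER = 'User1';

-- Allowed: every referenced column is covered by the grant.
SELECT EmployeeID, FullName, Department FROM dbo.Employee;

-- Rejected with a permission error: SELECT * expands to Salary and
-- NationalID, which the grant does not cover.
SELECT * FROM dbo.Employee;

REVERT;

-- Review, as an administrator, which columns each principal was granted.
SELECT pr.name AS principal_name,
       pe.permission_name,
       pe.state_desc,
       c.name  AS column_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN sys.columns              AS c  ON c.object_id = pe.major_id
                                   AND c.column_id = pe.minor_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID('dbo.Employee');

-- Cleanup.
DROP USER User1;
DROP TABLE dbo.Employee;
```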
2.) Row-level Security In Azure Synapse Analytics
Row-level security (RLS) lets you use group membership or execution context to control access not just to the columns of a database table but to its rows. Like column-level security, RLS simplifies the design and coding of your application security.
1. In Azure Synapse Studio, select Develop from the left menu.
2. From the Develop menu, expand the SQL scripts section, and select Lab Row Level Security.
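```sql
-- Schema that holds the security objects.
CREATE SCHEMA Security;
GO

-- Inline table-valued predicate: returns a row (access allowed) only when
-- the row's sales rep is the current database user, or that user is 'Manager'.
CREATE FUNCTION Security.tvf_securitypredicate(@SalesRep AS nvarchar(50))
    RETURNS TABLE
WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS tvf_securitypredicate_result
    WHERE @SalesRep = USER_NAME() OR USER_NAME() = 'Manager';
GO
```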
3. In the toolbar menu, connect to the database on which you want to execute the query, SQLPool01.
4. In the query window, run each step individually by highlighting the statement(s) for the step and selecting the Run button from the toolbar (or pressing F5).
5. You may now close the script tab. When prompted, choose Discard all changes.
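An added example, not part of the lab script, that binds the predicate function shown above to a table through a security policy and checks it as three different users. It assumes Security.tvf_securitypredicate already exists as defined above; dbo.Sales, the users Sales1 and Sales2, the policy name SalesFilter and the rows are constructed.

```sql
-- Added example: table, users, policy name and rows are constructed.
CREATE TABLE dbo.Sales
(
    OrderID  int          NOT NULL,
    SalesRep nvarchar(50) NOT NULL,   -- compared with USER_NAME() by the predicate
    Product  varchar(20)  NOT NULL,
    Qty      int          NOT NULL
);
INSERT INTO dbo.Sales VALUES (1, 'Sales1', 'Valve', 5);
INSERT INTO dbo.Sales VALUES (2, 'Sales1', 'Wheel', 2);
INSERT INTO dbo.Sales VALUES (3, 'Sales2', 'Seat',  4);

-- Test users without logins; each gets plain SELECT on the table.
CREATE USER Manager WITHOUT LOGIN;
CREATE USER Sales1  WITHOUT LOGIN;
CREATE USER Sales2  WITHOUT LOGIN;
GRANT SELECT ON dbo.Sales TO Manager;
GRANT SELECT ON dbo.Sales TO Sales1;
GRANT SELECT ON dbo.Sales TO Sales2;
GO

-- The function alone restricts nothing until a policy attaches it to a table.
-- Dedicated SQL pools support FILTER predicates only, so the policy filters
-- reads; it does not block writes.
CREATE SECURITY POLICY Security.SalesFilter
    ADD FILTER PREDICATE Security.tvf_securitypredicate(SalesRep)
    ON dbo.Sales
    WITH (STATE = ON);
GO

-- Same query, three callers: each sales rep is filtered to the rows whose
-- SalesRep equals their user name, and 'Manager' passes the second branch
-- of the predicate for every row.
EXECUTE AS USER = 'Sales1';  SELECT * FROM dbo.Sales;  REVERT;
EXECUTE AS USER = 'Sales2';  SELECT * FROM dbo.Sales;  REVERT;
EXECUTE AS USER = 'Manager'; SELECT * FROM dbo.Sales;  REVERT;

-- The policy applies to every user, including the administrator running
-- this script, whose user name matches neither branch of the predicate.
SELECT COUNT(*) AS rows_visible_to_me FROM dbo.Sales;

-- Cleanup: the policy must go before the table it is bound to.
DROP SECURITY POLICY Security.SalesFilter;
DROP TABLE dbo.Sales;
DROP USER Sales1;
DROP USER Sales2;
DROP USER Manager;
```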
Azure Key Vault For Secrets When Creating Linked Services
Linked Services are synonymous with connection strings in Azure Synapse Analytics. Azure Synapse Analytics linked services provide the ability to connect to nearly 100 different types of external services ranging from Azure Storage Accounts to Amazon S3 and more.
1. Navigate to Azure Synapse Studio (https://web.azuresynapse.net) and sign in with the same user account you used in the Azure portal.
2. Select the Manage hub from the left menu.
3. Under External connections, select Linked services and observe that a linked service pointing to your Key Vault has been provided in the environment.
Since we have the Azure Key Vault set up as a linked service, we can leverage it when defining new linked services. Every new linked service provides the option to retrieve secrets from Azure Key Vault. The form requests the selection of the Azure Key Vault linked service, the secret name, and, optionally, a specific version of the secret.
The post Encryption With Azure Synapse Analytics appeared first on Cloud Training Program.