How to Use System-Assigned Managed Identity for Secure Access to Blob Storage in Synapse Notebook?

Vaibhav Patil 255 Reputation points
2024-10-28T11:53:36.3733333+00:00

Hello Community,

I'm currently working on a project in Azure Synapse Analytics and would like to enhance the security of my data access. My Python code in the Synapse notebook currently accesses Blob Storage using a connection string, but I want to switch to using a system-assigned managed identity for passwordless access.

Could you please provide the steps to configure and use a system-assigned managed identity for accessing Blob Storage securely within a Synapse notebook?
Any code examples or configuration tips would be greatly appreciated!

Pls don't sent me a chatgpt prompt

Thank you in advance for your help!

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,292 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,003 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,093 questions
Azure Data Lake Analytics
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,092 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Deepanshu katara 12,635 Reputation points
    2024-10-28T12:36:21.5033333+00:00

    Hello Vaibhav, Welcome to MS Q&A

    • To configure and use a system-assigned managed identity for accessing Blob Storage securely within a Synapse notebook, follow these steps:

    Enable Managed Identity: Ensure that your Synapse workspace has a system-assigned managed identity. This is usually enabled by default for the workspace.

    Assign Role to Managed Identity:

    1. Navigate to your Blob Storage account in the Azure portal.
    2. Go to the "Access control (IAM)" section.
    3. Click on "Add" and then "Add role assignment".
    4. Assign the role of "Storage Blob Data Contributor" to the managed identity associated with your Synapse workspace.

    Use Managed Identity in Synapse Notebook:

    • When running your Spark notebooks, enable "Run as managed identity" from the Configure session menu.
    • You can now access Blob Storage using the managed identity without needing to manage credentials manually.

    Please let me know if you have any other questions

    Kindly accept answer if you think not a chatgpt response :)

    References:

    Thanks

    Deepanshu


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.