Permissions for @turbot/azure-synapseanalytics
Taking a look at permissions and associated grant levels for each permission for Synapse Analytics:
| Permission | Grant Level | Help |
|---|---|---|
| microsoft.synapse/workspaces/integrationruntimes/read | metadata | get integration runtime operation result. |
| microsoft.synapse/workspaces/integrationruntimes/write | admin | create or update integration runtimes. |
| microsoft.synapse/workspaces/integrationruntimes/delete | admin | delete integration runtimes |
| microsoft.synapse/workspaces/integrationruntimes/getstatus/action | operator | get an integration runtime status |
| microsoft.synapse/workspaces/integrationruntimes/start/action | operator | start an integration runtime |
| microsoft.synapse/workspaces/integrationruntimes/stop/action | operator | stop an integration runtime |
| microsoft.synapse/workspaces/integrationruntimes/getconnectioninfo/action | operator | get connection info of an integration runtime |
| microsoft.synapse/workspaces/integrationruntimes/regenerateauthkey/action | operator | regenerate auth key of an integration runtime |
| microsoft.synapse/workspaces/integrationruntimes/listauthkeys/action | operator | list auth keys of an integration runtime |
| microsoft.synapse/workspaces/integrationruntimes/removenode/action | operator | remove an integration runtime node |
| microsoft.synapse/workspaces/integrationruntimes/monitoringdata/action | operator | get an integration runtime's monitoring data |
| microsoft.synapse/workspaces/integrationruntimes/synccredentials/action | operator | sync credential on an integration runtime |
| microsoft.synapse/workspaces/integrationruntimes/upgrade/action | operator | upgrade an integration runtime |
| microsoft.synapse/workspaces/integrationruntimes/removelinks/action | operator | remove an integration runtime link |
| microsoft.synapse/workspaces/integrationruntimes/enableinteractivequery/action | operator | enable interactive query on an integration runtime |
| microsoft.synapse/workspaces/integrationruntimes/disableinteractivequery/action | operator | disable interactive query on an integration runtime |
| microsoft.synapse/workspaces/integrationruntimes/refreshobjectmetadata/action | operator | refresh object metadata on an intergration runtime |
| microsoft.synapse/workspaces/integrationruntimes/getobjectmetadata/action | operator | get object metadata on an intergration runtime |
| microsoft.synapse/workspaces/managedidentitysqlcontrolsettings/write | admin | update managed identity sql control settings |
| microsoft.synapse/workspaces/managedidentitysqlcontrolsettings/read | metadata | get managed identity sql control settings |
| microsoft.synapse/workspaces/scopepools/write | admin | create or update scope pools. |
| microsoft.synapse/workspaces/scopepools/read | metadata | read scope pools. |
| microsoft.synapse/workspaces/scopepools/delete | admin | delete scope pools. |
| microsoft.synapse/operations/read | metadata | read available operations. |
| microsoft.synapse/workspaces/integrationruntimes/nodes/read | metadata | get integration runtime node. |
| microsoft.synapse/workspaces/integrationruntimes/nodes/delete | admin | delete integration runtime node. |
| microsoft.synapse/workspaces/integrationruntimes/nodes/write | admin | patch integration runtime node. |
| microsoft.synapse/workspaces/integrationruntimes/nodes/ipaddress/action | operator | get integration runtime ip address |
| microsoft.synapse/workspaces/firewallrules/write | admin | create or update ip firewall rule. |
| microsoft.synapse/workspaces/firewallrules/read | metadata | read ip firewall rule |
| microsoft.synapse/workspaces/firewallrules/delete | admin | delete ip firewall rule |
| microsoft.synapse/workspaces/replaceallipfirewallrules/action | operator | replace all ip firewall rules for the workspace. |
| microsoft.synapse/workspaces/write | admin | create or update workspaces. |
| microsoft.synapse/workspaces/read | metadata | read workspaces. |
| microsoft.synapse/workspaces/delete | admin | delete workspaces. |
| microsoft.synapse/workspaces/sqlpools/write | admin | create or update sql analytics pools. |
| microsoft.synapse/workspaces/sqlpools/read | metadata | read sql analytics pools. |
| microsoft.synapse/workspaces/sqlpools/delete | admin | delete sql analytics pools. |
| microsoft.synapse/workspaces/sqlpools/pause/action | operator | pause sql analytics pools. |
| microsoft.synapse/workspaces/sqlpools/resume/action | operator | resume sql analytics pools. |
| microsoft.synapse/workspaces/sqlpools/restorepoints/action | operator | create sql analytics pool restore point. |
| microsoft.synapse/workspaces/sqlpools/move/action | operator | rename sql analytics pools. |
| microsoft.synapse/workspaces/sqlpools/datawarehousequeries/read | metadata | read sql analytics pool queries. |
| microsoft.synapse/workspaces/sqlpools/geobackuppolicies/read | metadata | read sql analytics pool geo backup policies. |
| microsoft.synapse/workspaces/sqlpools/datawarehouseuseractivities/read | metadata | read sql analytics pool user activities. |
| microsoft.synapse/workspaces/sqlpools/restorepoints/read | metadata | read sql analytics pool restore points. |
| microsoft.synapse/workspaces/sqlpools/datawarehousequeries/datawarehousequerysteps/read | metadata | read sql analytics pool query steps. |
| microsoft.synapse/workspaces/sqlpools/maintenancewindows/read | metadata | read sql analytics pool maintenance windows. |
| microsoft.synapse/workspaces/sqlpools/maintenancewindows/write | admin | create or update sql analytics pool maintenance windows. |
| microsoft.synapse/workspaces/sqlpools/maintenancewindowoptions/read | metadata | read sql analytics pool maintenance window options. |
| microsoft.synapse/workspaces/sqlpools/replicationlinks/read | metadata | read sql analytics pool replication links. |
| microsoft.synapse/workspaces/sqlpools/transparentdataencryption/read | metadata | read sql analytics pool transparent data encryption configuration. |
| microsoft.synapse/workspaces/sqlpools/transparentdataencryption/write | admin | create or update sql analytics pool transparent data encryption configuration. |
| microsoft.synapse/workspaces/sqlpools/transparentdataencryption/operationresults/read | metadata | read sql analytics pool transparent data encryption configuration operation results. |
| microsoft.synapse/workspaces/sqlpools/auditingsettings/read | metadata | read sql analytics pool auditing settings. |
| microsoft.synapse/workspaces/sqlpools/auditingsettings/write | admin | create or update sql analytics pool auditing settings. |
| microsoft.synapse/workspaces/sqlpools/operations/read | metadata | read sql analytics pool operations. |
| microsoft.synapse/workspaces/sqlpools/usages/read | metadata | read sql analytics pool usages. |
| microsoft.synapse/workspaces/sqlpools/currentsensitivitylabels/read | metadata | read sql analytics pool current sensitivity labels. |
| microsoft.synapse/workspaces/sqlpools/recommendedsensitivitylabels/read | metadata | read sql analytics pool recommended sensitivity labels. |
| microsoft.synapse/workspaces/sqlpools/schemas/read | metadata | read sql analytics pool schemas. |
| microsoft.synapse/workspaces/sqlpools/schemas/tables/read | metadata | read sql analytics pool schema tables. |
| microsoft.synapse/workspaces/sqlpools/schemas/tables/columns/read | metadata | read sql analytics pool schema table columns. |
| microsoft.synapse/workspaces/sqlpools/connectionpolicies/read | metadata | read sql analytics pool connection policies. |
| microsoft.synapse/workspaces/sqlpools/vulnerabilityassessments/read | metadata | read sql analytics pool vulnerability assessment. |
| microsoft.synapse/workspaces/sqlpools/vulnerabilityassessments/delete | admin | delete sql analytics pool vulnerability assessment. |
| microsoft.synapse/workspaces/sqlpools/vulnerabilityassessments/scans/read | metadata | read sql analytics pool vulnerability assessment scan records. |
| microsoft.synapse/workspaces/sqlpools/vulnerabilityassessments/scans/initiatescan/action | operator | initiate sql analytics pool vulnerability assessment scan records. |
| microsoft.synapse/workspaces/sqlpools/vulnerabilityassessments/scans/export/action | operator | export sql analytics pool vulnerability assessment scan records. |
| microsoft.synapse/workspaces/sqlpools/securityalertpolicies/read | metadata | read sql analytics pool threat detection policies. |
| microsoft.synapse/workspaces/sqlpools/securityalertpolicies/write | admin | create or update sql analytics pool threat detection policies. |
| microsoft.synapse/workspaces/sqlpools/schemas/tables/columns/sensitivitylabels/enable/action | operator | enable sql analytics pool sensitivity labels. |
| microsoft.synapse/workspaces/sqlpools/schemas/tables/columns/sensitivitylabels/disable/action | operator | disable sql analytics pool sensitivity labels. |
| microsoft.synapse/workspaces/sqlpools/schemas/tables/columns/sensitivitylabels/write | admin | create or update sql analytics pool sensitivity labels. |
| microsoft.synapse/workspaces/sqlpools/schemas/tables/columns/sensitivitylabels/delete | admin | delete sql analytics pool sensitivity labels.2 |
| microsoft.synapse/workspaces/sqlpools/vulnerabilityassessments/rules/baselines/write | admin | create or update sql analytics pool vulnerability assessment rule baseline. |
| microsoft.synapse/workspaces/sqlpools/vulnerabilityassessments/rules/baselines/delete | admin | delete sql analytics pool vulnerability assessment rule baseline. |
| microsoft.synapse/workspaces/operationstatuses/read | metadata | read async operation status. |
| microsoft.synapse/workspaces/operationresults/read | metadata | read async operation result. |
| microsoft.synapse/workspaces/sqlpools/operationresults/read | metadata | read async operation result. |
| microsoft.synapse/workspaces/bigdatapools/write | admin | create or update spark pools. |
| microsoft.synapse/workspaces/bigdatapools/read | metadata | read spark pools. |
| microsoft.synapse/workspaces/bigdatapools/delete | admin | delete spark pools. |
| microsoft.synapse/workspaces/sqlpools/metadatasync/write | admin | create or update sql analytics pool metadata sync config |
| microsoft.synapse/workspaces/sqlpools/metadatasync/read | metadata | read sql analytics pool metadata sync config |
| microsoft.synapse/workspaces/recoverablesqlpools/read | metadata | gets recoverable sql analytics pools |
| microsoft.synapse/workspaces/administrators/write | admin | set active directory administrator |
| microsoft.synapse/workspaces/administrators/read | metadata | get workspace active directory administrator |
| microsoft.synapse/workspaces/administrators/delete | admin | delete workspace active directory administrator |
| microsoft.synapse/workspaces/privateendpointconnections/write | admin | create or update private endpoint connection |
| microsoft.synapse/workspaces/privateendpointconnections/read | metadata | read private endpoint connections |
| microsoft.synapse/workspaces/privateendpointconnections/delete | admin | delete private endpoint connection |
| microsoft.synapse/workspaces/privateendpointconnectionproxies/validate/action | operator | validates private endpoint connection proxy |
| microsoft.synapse/workspaces/privateendpointconnectionproxies/write | admin | create or update private endpoint connection proxy |
| microsoft.synapse/workspaces/privateendpointconnectionproxies/read | metadata | read private endpoint connection proxies |
| microsoft.synapse/workspaces/privateendpointconnectionproxies/delete | admin | delete private endpoint connection proxy |
| microsoft.synapse/workspaces/privatelinkresources/read | metadata | get private link resources |
| microsoft.synapse/workspaces/providers/microsoft.insights/diagnosticsettings/read | metadata | read workspace diagnostic settings |
| microsoft.synapse/workspaces/providers/microsoft.insights/diagnosticsettings/write | admin | write workspace diagnostic settings |
| microsoft.synapse/workspaces/providers/microsoft.insights/metricdefinitions/read | metadata | read workspace metric definitions |
| microsoft.synapse/workspaces/bigdatapools/providers/microsoft.insights/diagnosticsettings/read | metadata | read big data pool diagnostic settings |
| microsoft.synapse/workspaces/bigdatapools/providers/microsoft.insights/diagnosticsettings/write | admin | write read big data pool diagnostic settings |
| microsoft.synapse/workspaces/bigdatapools/providers/microsoft.insights/metricdefinitions/read | metadata | read big data pools metric definitions |
| microsoft.synapse/workspaces/sqlpools/providers/microsoft.insights/diagnosticsettings/read | metadata | read sql pool diagnostic settings |
| microsoft.synapse/workspaces/sqlpools/providers/microsoft.insights/diagnosticsettings/write | admin | write sql pool diagnostic settings |
| microsoft.synapse/workspaces/sqlpools/providers/microsoft.insights/metricdefinitions/read | metadata | read sql pools metric definitions |
| microsoft.synapse/workspaces/sqlpools/extensions/read | metadata | get sql analytics pool extension |
| microsoft.synapse/workspaces/sqlpools/extensions/write | admin | change the extension for a given sql analytics pool |
| microsoft.synapse/workspaces/sqlpools/providers/microsoft.insights/logdefinitions/read | metadata | read sql pool log definitions |
| microsoft.resources/deployments/cancel/action | operator | operator level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/delete | operator | operator level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/operations/read | metadata | |
| microsoft.resources/deployments/read | metadata | |
| microsoft.resources/deployments/validate/action | operator | |
| microsoft.resources/deployments/write | operator | operator level is safe as users still need the service specific write permissions to deploy resources. |
| microsoft.resources/subscriptions/resourcegroups/read | metadata |