Data Access Management

The Data Access Management sub-module controls all Access Management operations at the platform level.

Crawl

An instance-level Data Access Admin can crawl Users, Groups, and their associated permissions across Databases, Schemas, and Tables on all connectors hosted within the same instance.

Database and Schema: Provides checkbox options to select specific databases and schemas for crawling. The interface displays selection status in the format (selected/total).

Schedule: In addition to manual crawls, the instance-level Data Access Admin can schedule crawls at defined intervals. This enables periodic sync with the source system and supports consistent access governance.

Grouping of connectors by instance

The created connectors are grouped in the Data Access module according to their associated server instance, shown in a hierarchical tree view on the left side of the page. The tabs displayed for each instance level vary depending on the type of connector.

For Azure Synapse Analytics, the Connectors tab lists all connectors hosted under the instance. It is shown in addition to Instance Details.

Instance Details

The Instance Details screen displays two tabs:

Instance Summary Tab

The Instance Summary tab serves as the landing page for Synapse connectors at the instance level. It displays all the connection parameters configured during connector setup. Parameters such as Select Bridge, Connection String, Username, Password, Database Name, and Credential Manager can be modified if required. Parameters such as Server, Port, and Authentication Type cannot be modified.

Instance Data Access Admins

The Instance Data Access Admins section displays a list of all Instance Data Access Administrators associated with the connectors in the instance.

To add or modify Instance Data Access Admins:

  • In the Instance Data Access Admins section, click the pencil icon.

  • Select one or more roles from the list.

  • Click Save to apply changes.

Notification Tab

Click the pencil icon to configure recipients for each activity notification:

  • Use the toggle buttons to enable or disable the following notifications:

    • Changes to Azure Entra Groups/Users identified during the crawl

    • Configure notifications for Data Access Admin

  • Select specific application users, teams, or roles as recipients of notifications.

  • Notifications will be sent to the selected recipients based on the configured settings.

  • Click Save to apply the changes.

Connectors

The Connector tab shows a list of all configured Synapse connectors under an instance.

Attributes:

  • Connector ID: Shows the unique identifier for the connector.

  • Connection Name: Shows the configured name of the Synapse connection.

  • Database: Indicates the name of the connected database.

  • Last Crawled Date: Captures the most recent date and time of metadata crawl.

The system displays a hierarchical tree where all connectors appear under the instance. Click the connector name to open the connector-level screen.

Azure Entra Users

The Azure Entra Users tab shows all users from Azure Active Directory after the metadata crawl. This tab allows data administrators to review user identities, access mappings, and application-specific parameters.

Attributes:

  • Azure Entra User: Displays the user's name from Azure AD.

  • Object ID: Shows the globally unique identifier assigned to the user in Azure.

  • User Principal Name: Indicates the login name of the user, usually in email format.

  • Groups: Lists the Azure Entra groups with which the user is associated.

  • Application Created Date: Shows the date & time when the user was crawled into the application.

  • Application User: Indicates whether a user with the same name already exists within the application. If a match exists, the users are automatically synchronized and treated as a single entity across the system.

Azure Entra Groups

The Azure Entra Groups tab lists all groups detected in Azure Active Directory during the crawl.

Attributes:

  • Azure Entra Group: Displays the name of the group from Azure AD.

  • Object ID: Shows the unique identifier for the group in Azure.

  • Source: Indicates the origin system of the group.

  • Application Created Date: Shows the date & time when the group was created in the application.

  • Application Role: Displays the role assigned to the group within the application.

Connector Level

The following tabs are displayed for each connector level. Navigate to a connector under each server instance in the left-side hierarchical Data Access Management grouping.

Connector Details

Connector Details has the following sub-tabs:

Summary Tab

On the Connector Summary page, Connector Data Access Admins (DAA) can manage settings for the connector and define the Connector Data Access Administrator roles for it.

Click the pencil icon to edit and select one or more roles from the list.

Enable Access Management & Sync Synapse Permissions to Application Permissions:

This setting enables or disables the synchronization and configuration of Synapse data object permissions for roles and users, aligning them with the corresponding applicable permissions within the application.

Permissions Tab

The Permissions tab displays how database, schema, and table permissions in the data source map to application-specific permissions.

For example, SELECT permission on a Synapse Database corresponds to Meta Read Data Read in the Application.

Notification Tab

Click the pencil icon to configure recipients for each activity notification:

  • Use the toggle buttons to enable or disable the following notifications:

    • Changes to Synapse Roles/Users identified during crawling

    • Changes to Permissions of Databases, Schemas, and Tables observed during crawling (source system sync)

    • Data Access Admin-related notifications

  • Select specific application users, teams, or roles as recipients of notifications.

  • Notifications will be sent based on the selected recipients and configured settings.

  • Click Save to apply the changes.

Databases Role Tab

The Databases Role tab provides a consolidated view of roles associated with the configured Synapse database.

Each role includes the following attributes:

  • Synapse Role: Name of the role in Synapse

  • Role Type: Exact type of the role, such as Database Role

  • Type: Custom or System

  • Source: Origin of the role, such as Remote

  • Synapse Created Date: Records when the role was created in Synapse

  • Synapse Modified Date: Records when the role was last modified in Synapse

  • Application Created Date: Records when the role was created in the application.

Databases User Tab

The Databases User tab provides a consolidated view of users associated with the configured Synapse database.

Each user includes the following attributes:

  • Synapse Database User: Name of the user linked to the Synapse database

  • User Type: Classification of the user, such as SQL user or external user

  • Type: Custom or system

  • Synapse Role: Role(s) assigned to the user within the Synapse database

  • Source: Origin of the user

  • Synapse Created Date: Records when the user was created in Synapse

  • Synapse Modified Date: Records when the user was last modified in Synapse

  • Application Created Date: Records when the user was crawled into the application.

Database Tab

The Database tab displays each Synapse database that has been crawled into the application. It displays the associated roles and users, along with the respective permissions. Permissions appear grouped by roles and users, allowing clear visibility into access at the database level.

Each database includes the following attributes:

  • Database: Name of the crawled Synapse database

  • Roles/Users & Permissions: Displays a list of users and roles, along with the assigned permissions for each corresponding database.

Schemas Tab

The Schemas tab displays the schemas crawled into the application, with permissions assigned to roles and users. This page displays permissions organized by role.

Attributes

  • Schema: Name of the crawled schema

  • Roles/Users & Permissions: Displays a list of users and roles, along with the assigned permissions for each corresponding schema.

Tables Tab

The Tables tab displays the tables crawled into the application, with permissions assigned to roles and users. This page displays permissions organized by role.

The Type column identifies whether the object is a Table, View, or Materialized View.

The tab also shows if any tags are attached to the table and whether a row access policy is applied.

Attributes

  • Schema: Name of the schema containing the table

  • Type: Indicates if the object is a Table, View, or Materialized View

  • Table: Name of the crawled table

  • Roles/Users & Permissions: Displays a list of users and roles, along with the assigned permissions for each corresponding table.
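
To cross-check what the Databases Role, Databases User, Database, Schemas, and Tables tabs show against the source system, the following added example (not part of the original page and not the application's own crawl query) reads principals, explicit permissions, and role memberships from the Synapse SQL catalog views. It assumes it is run in the database the connector points at, by a login allowed to view database metadata.

```sql
-- Added example: explicit permissions per role/user at database, schema,
-- and table/view level, for comparison with the crawled values.
SELECT
    pr.name           AS principal_name,
    pr.type_desc      AS principal_type,   -- e.g. SQL_USER, EXTERNAL_USER, DATABASE_ROLE
    pr.is_fixed_role  AS is_system_role,   -- 1 = built-in role, 0 = custom
    pr.create_date    AS created_in_synapse,
    pr.modify_date    AS modified_in_synapse,
    pe.class_desc     AS securable_level,  -- DATABASE, SCHEMA, OBJECT_OR_COLUMN
    CASE pe.class_desc
        WHEN 'DATABASE'         THEN DB_NAME()
        WHEN 'SCHEMA'           THEN sc.name
        WHEN 'OBJECT_OR_COLUMN' THEN CONCAT(os.name, '.', ob.name)
    END               AS securable_name,
    ob.type_desc      AS object_type,      -- USER_TABLE, VIEW, ... (NULL above object level)
    pe.permission_name,
    pe.state_desc                          -- GRANT, GRANT_WITH_GRANT_OPTION, or DENY
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
    ON pr.principal_id = pe.grantee_principal_id
LEFT JOIN sys.schemas AS sc
    ON pe.class_desc = 'SCHEMA' AND sc.schema_id = pe.major_id
LEFT JOIN sys.objects AS ob
    ON pe.class_desc = 'OBJECT_OR_COLUMN' AND ob.object_id = pe.major_id
LEFT JOIN sys.schemas AS os
    ON os.schema_id = ob.schema_id
WHERE pe.class_desc IN ('DATABASE', 'SCHEMA', 'OBJECT_OR_COLUMN')
ORDER BY securable_level, securable_name, principal_name, pe.permission_name;

-- Role membership: which users (or nested roles) belong to each database role.
-- Permissions inherited through membership do not appear as rows in the
-- first query, so both result sets are needed for the effective picture.
SELECT
    r.name       AS synapse_role,
    m.name       AS member_name,
    m.type_desc  AS member_type
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r
    ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m
    ON m.principal_id = rm.member_principal_id
ORDER BY synapse_role, member_name;
```

Rows with a `state_desc` of DENY take precedence over grants on the same securable, so check them first when a principal's effective access differs from what the grants alone suggest.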


Copyright © 2025, OvalEdge LLC, Peachtree Corners GA USA
