
Answer-first summary for fast verification
Answer: database scoped credentials
## Detailed Explanation

To create an external data source in Azure Synapse Analytics serverless SQL pool that allows Azure AD users to access Azure Data Lake Storage Gen2 (ADLS Gen2) when `AllowBlobPublicAccess` is disabled, **database scoped credentials** must be created first.

### Why Database Scoped Credentials are Required:

1. **Authentication Requirement**: When `AllowBlobPublicAccess` is disabled on the storage account, anonymous/public access is blocked. This means the external data source cannot access the storage without proper authentication.
2. **Azure AD Integration**: Database scoped credentials provide the mechanism to authenticate using Azure AD identities. They store the Azure AD identity information that will be used to access the storage account.
3. **Prerequisite for External Data Source**: The `CREATE EXTERNAL DATA SOURCE` statement in serverless SQL pool requires credentials when accessing ADLS Gen2 with authentication. The syntax explicitly requires the `CREDENTIAL` parameter when using authentication.
4. **Security Best Practice**: Using database scoped credentials with Azure AD authentication is the recommended security practice for accessing storage accounts, as it provides fine-grained access control and eliminates the need for shared access keys.

### Why Other Options Are Incorrect:

- **A: External Resource Pool**: This is used for managing workload groups and resource allocation in dedicated SQL pools, not for authentication or external data access.
- **B: External Library**: This is used for managing custom code libraries (like Python or R packages) in SQL pools, not for storage authentication.
- **D: Remote Service Binding**: This is used in SQL Server for Service Broker communications between databases, not relevant to Azure Synapse Analytics external data sources.

### Implementation Flow:

1. Create database scoped credentials using `CREATE DATABASE SCOPED CREDENTIAL`
2. Create external data source referencing these credentials
3. Azure AD users can then query the external data source using their Azure AD identity

This approach ensures secure, authenticated access to the storage account while maintaining the security posture of having public access disabled.
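The implementation flow above written out as T-SQL, added here as an example and not part of the original explanation. It assumes the credential holds the workspace managed identity and that this identity has a read role on storage1; the names `storage1_cred` and `storage1_src`, the container, folder, password and user are placeholders.

```sql
-- Run in a user database on the serverless SQL pool (Pool1), not in master.
-- Placeholders (constructed for this example): <strong password>,
-- <container>, <folder>, user@contoso.com.

-- 1. A database master key must exist before a database scoped
--    credential can be created; it protects the credential at rest.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong password>';
GO

-- 2. The credential the pool presents to storage1.
--    Assumption: the workspace managed identity has been assigned
--    Storage Blob Data Reader on storage1, so no account key or SAS
--    token is stored in the database.
CREATE DATABASE SCOPED CREDENTIAL storage1_cred
WITH IDENTITY = 'Managed Identity';
GO

-- 3. The external data source, bound to that credential.
CREATE EXTERNAL DATA SOURCE storage1_src
WITH (
    LOCATION   = 'https://storage1.dfs.core.windows.net/<container>',
    CREDENTIAL = storage1_cred
);
GO

-- 4. Map an Azure AD user into the database and grant REFERENCES on
--    this one credential only, so the user can read through
--    storage1_src without being able to use other credentials.
CREATE USER [user@contoso.com] FROM EXTERNAL PROVIDER;
GRANT REFERENCES ON DATABASE SCOPED CREDENTIAL::storage1_cred
    TO [user@contoso.com];
GO

-- 5. Query files through the data source; the BULK path is relative
--    to the LOCATION defined in step 3.
SELECT TOP 10 *
FROM OPENROWSET(
        BULK '<folder>/*.parquet',
        DATA_SOURCE = 'storage1_src',
        FORMAT = 'PARQUET'
     ) AS [result];
```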
Author: LeetQuiz Editorial Team
You have an Azure Synapse Analytics serverless SQL pool named Pool1 and an Azure Data Lake Storage Gen2 account named storage1. The AllowBlobPublicAccess property is disabled for storage1.
You need to create an external data source in Pool1 that can be used by Azure Active Directory (Azure AD) users to access files in storage1.
What should you create first?
A. an external resource pool
B. an external library
C. database scoped credentials
D. a remote service binding