Skip to main content Skip to complementary content

Required permissions

The following topic describes which permissions are required when using Microsoft Azure Synapse Analytics as a target endpoint in a Replicate task.

Storage permissions

The user specified in the Microsoft Azure Synapse Analytics endpoint settings must be granted the following storage permissions.

  • Applicable when using either Blob storage or ADLS Gen2 storage:
    • On the Azure Blob/ADLS Gen2 Storage container: LIST
    • On the Azure Blob/ADLS Gen2 Storage folder: READ, WRITE and DELETE
    • When electing to use the COPY Statement load method (in the endpoint settings' General tab), Synapse uses its Managed Identity to access the storage account. This requires the Synapse identity to be granted the "Storage Blob Data Contributor" permission on the storage account.
  • Relevant when using ADLS Gen2 storage only:

    • In the Access Control (IAM) settings for the ADLS Gen2 file system, assign the “Storage Blob Data Contributor” role to Replicate (AD App ID). It may take a few minutes for the role to take effect.

Database permissions

The user specified in the Microsoft Azure Synapse Analytics endpoint settings must be granted the following permissions:

  • General permissions:

    • db_owner role
  • Table permissions:

    • SELECT, INSERT, UPDATE and DELETE
    • Bulk Load
    • CREATE, ALTER, DROP (if required by the task's definition)

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!