Примечание
Для доступа к этой странице требуется авторизация. Вы можете попробовать войти или изменить каталоги.
Для доступа к этой странице требуется авторизация. Вы можете попробовать изменить каталоги.
Synapse RBAC roles are used to assign permissions to users, groups, and other security principals to enable access and use of Synapse resources. Общие сведения см. в статье Что такое управление доступом на основе ролей в Synapse (RBAC)?
This article explains how to review the current role assignments for a workspace.
With any Synapse RBAC role, you can list Synapse RBAC role assignments for all scopes, including assignments for objects you don't have access to. Only a Synapse Administrator can grant Synapse RBAC access.
Примечание.
A guest users (users from a different AD tenant) can also see and manage role assignment after being assigned the Synapse Administrator role.
Откройте Synapse Studio
To review role assignments, first open the Synapse Studio and select your workspace. Для входа в рабочую область существует два метода выбора учетной записи. Один идет из подписки Azure, другой из ручного ввода. При наличии роли Azure Synapse или ролей более высокого уровня вы можете использовать оба способа входа в рабочую область. Если у вас нет связанных ролей Azure и вам назначили роль RBAC в Synapse, ручной ввод является единственным способом входа в рабочую область.
Once you've opened your workspace, select the Manage hub on the left, then expand the Security section and select Access control.
Review workspace role assignments
The Access control screen lists all current role assignments for the workspace, grouped by role. Each assignment includes the principal name, principal type, role, and its scope.
If a principal is assigned the same role at different scopes, you'll see multiple assignments for the principal, one for each scope.
If a role is assigned to a security group, you'll see the roles explicitly assigned to the group but not roles inherited from parent groups.
You can filter the list by principal name or email, and selectively filter the object types, roles, and scopes. Enter your name or email alias in the Name filter to see roles assigned to you. Only a Synapse Administrator can change your roles.
Это важно
If you are directly or indirectly a member of a group that is assigned roles, you may have permissions that are not shown.
Подсказка
You can find your group memberships using Microsoft Entra ID in the Azure portal.
If you create a new workspace, you and the workspace MSI service principal are automatically given the Synapse Administrator role at workspace scope.