Azure Service Principal authorization allows you to assign restricted permissions to applications and services accessing Azure external object storage.
If you are using Azure Service Principal authorization, configure your external object storage to allow Analytics Database to access it.
Use the authorization object to control access in CREATE FOREIGN TABLE, READ_NOS, and WRITE_NOS commands.
- If not already done, log on to Analytics Database as an administrative user who can grant others privileges.
- Grant the appropriate privileges to the user. To create an authorization object, the user needs the CREATE AUTHORIZATION privilege.
- Log off as the administrative user.
- To run NOS-related commands, log on to the database as a user with the required privileges.
- Create an Azure Service Principal authorization object. Create the authorization object in the same database as the foreign table that uses it.
CREATE AUTHORIZATION Asp_Simple_Auth USING AUTHSERVICETYPE 'AZURE_SERVICE_PRINCIPAL' CLIENT_ID 'client_id' CLIENT_SECRET 'client_secret' TENANT_ID 'tenant_id';
Replace client_id, client_secret, and tenant_id with the appropriate values from your external object storage.
- View the definition of the authorization object. For example:
SHOW AUTHORIZATION Asp_Simple_Auth;
Note: the CLIENT_SECRET and TENANT_ID values are not returned in the result.
For information about Azure Service Principal authorization objects, see CREATE AUTHORIZATION and REPLACE AUTHORIZATION.
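The steps above carried through to a foreign table that uses the authorization object, as an added example that is not part of the original page. The database nos_db, the user nos_user, the table az_sales, and the storage account and container in LOCATION are hypothetical placeholders, and nos_user is assumed to already hold the privileges needed to create and query the foreign table.

```sql
-- Run as the administrative user: grant the privilege only on the database
-- that will hold both the authorization object and the foreign table.
-- nos_db and nos_user are hypothetical names.
GRANT CREATE AUTHORIZATION ON nos_db TO nos_user;

-- Log off, then run the remaining statements as nos_user.
DATABASE nos_db;

-- client_id, client_secret and tenant_id are placeholders for the values
-- of the service principal that has access to the storage account.
CREATE AUTHORIZATION Asp_Simple_Auth
USING
  AUTHSERVICETYPE 'AZURE_SERVICE_PRINCIPAL'
  CLIENT_ID 'client_id'
  CLIENT_SECRET 'client_secret'
  TENANT_ID 'tenant_id';

-- Confirm the definition; the secret and tenant ID are not echoed back.
SHOW AUTHORIZATION Asp_Simple_Auth;

-- The foreign table lives in the same database as the authorization object
-- and references it by name, so no credentials appear in the table DDL.
-- The LOCATION value is a placeholder for your storage account and container.
CREATE FOREIGN TABLE az_sales
, EXTERNAL SECURITY Asp_Simple_Auth
USING ( LOCATION('/AZ/storage_account.blob.core.windows.net/container/') );

-- Reads go through the service principal's permissions on the container.
SELECT TOP 5 * FROM az_sales;
```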