Example: Creating an Azure Service Principal INVOKER TRUSTED Authorization - Teradata Vantage

Teradata® VantageCloud Lake

Deployment: VantageCloud
Edition: Lake
Product: Teradata Vantage
Published: January 2023
Language: English (United States)
Last Update: 2024-04-03
  1. Create the authorization object or ask an administrator to create it:
    CREATE AUTHORIZATION Asp_Invoker_Auth
    AS INVOKER TRUSTED
    USING
    AUTHSERVICETYPE 'AZURE_SERVICE_PRINCIPAL'
    CLIENT_ID 'client_id'
    CLIENT_SECRET 'client_secret'
    TENANT_ID 'tenant_id';

    Where:

    • client_id is the application identification for the Azure service principal.
    • client_secret is the password associated with the Azure service principal.
    • tenant_id is the identifier of the Microsoft Entra ID instance.
  2. Use SHOW AUTHORIZATION to show the authorization object:
    SHOW AUTHORIZATION Asp_Invoker_Auth;

    Result:

    CREATE AUTHORIZATION Asp_Invoker_Auth AS INVOKER TRUSTED
    USING
    AUTHSERVICETYPE 'AZURE_SERVICE_PRINCIPAL'
    CLIENT_ID 'client_id';
    SHOW AUTHORIZATION does not display credentials or the tenant ID.
  3. Use the authorization object in a query.
    For example, use the authorization object with a foreign table:
    CREATE FOREIGN TABLE Asp_Table
    ,EXTERNAL SECURITY INVOKER TRUSTED Asp_Invoker_Auth
    USING
    ( LOCATION('/AZ/your-storage.blob.core.windows.net/test-az-sp/file_10MB.parquet')
    );
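
Added example (not Teradata's code): a Python helper that renders the step 1 statement from values held outside the script, doubling any single quote embedded in the secret, and returns a second form for logs that omits the secret and tenant ID, matching what SHOW AUTHORIZATION displays in step 2. The function names, the sample values, the GUID check on the two IDs and the restriction to plain identifier names are assumptions of this example.

```python
import re
import uuid

# Constructed sample values; real ones belong in a secrets manager, not in source.
SAMPLE = {
    "client_id": "11111111-2222-3333-4444-555555555555",
    "client_secret": "s3cr3t'with~quote",
    "tenant_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
}
# Conservative assumption of this example: plain identifier names only.
_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,127}$")


def _sql_literal(value: str) -> str:
    """Quote a value as a SQL string literal, doubling embedded single quotes."""
    if any(ord(ch) < 0x20 for ch in value):
        raise ValueError("control characters are not allowed in credentials")
    return "'" + value.replace("'", "''") + "'"


def _guid(value: str, field: str) -> str:
    """Assumes client and tenant IDs are supplied as GUIDs; reject anything else."""
    try:
        return str(uuid.UUID(value))
    except ValueError:
        raise ValueError(f"{field} is not a GUID") from None


def build_create_authorization(name, client_id, client_secret, tenant_id):
    """Return (statement, loggable); loggable omits the secret and tenant ID."""
    if not _NAME_RE.match(name):
        raise ValueError("authorization name must be a plain identifier")
    if not client_secret:
        raise ValueError("client_secret is empty")
    head = (
        f"CREATE AUTHORIZATION {name}\nAS INVOKER TRUSTED\nUSING\n"
        "AUTHSERVICETYPE 'AZURE_SERVICE_PRINCIPAL'\n"
        f"CLIENT_ID {_sql_literal(_guid(client_id, 'client_id'))}"
    )
    statement = (
        f"{head}\nCLIENT_SECRET {_sql_literal(client_secret)}\n"
        f"TENANT_ID {_sql_literal(_guid(tenant_id, 'tenant_id'))};"
    )
    return statement, head + ";"


if __name__ == "__main__":
    stmt, loggable = build_create_authorization("Asp_Invoker_Auth", **SAMPLE)
    print(loggable)  # log this form; send stmt only to the database session
```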