- Create the authorization object or ask an administrator to create it:
CREATE AUTHORIZATION Asp_Invoker_Auth AS INVOKER TRUSTED USING AUTHSERVICETYPE 'AZURE_SERVICE_PRINCIPAL' CLIENT_ID 'client_id' CLIENT_SECRET 'client_secret' TENANT_ID 'tenant_id';
Where:
- client_id is the application identification for the Azure service principal.
- client_secret is the password associated with the Azure service principal.
- tenant_id is the identifier of Microsoft Entra ID instance.
- Use SHOW AUTHORIZATION to show the authorization object:
SHOW AUTHORIZATION Asp_Invoker_Auth;
Result:
CREATE AUTHORIZATION Asp_Invoker_Auth AS INVOKER TRUSTED USING AUTHSERVICETYPE 'AZURE_SERVICE_PRINCIPAL' CLIENT_ID 'client_id';
SHOW AUTHORIZATION does not display credentials or the tenant ID. - Use the authorization object in a query. For example, use the authorization object with a foreign table:
CREATE FOREIGN TABLE Asp_Table ,EXTERNAL SECURITY INVOKER TRUSTED Asp_Invoker_Auth USING ( LOCATION('/AZ/your-storage.blob.core.windows.net/test-az-sp/file_10MB.parquet') );