diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py b/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py index 92df13c9b8f..a0c1aad0a07 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py @@ -123,7 +123,7 @@ def cf_synapse_spark_session(cli_ctx, workspace_name, sparkpool_name): return synapse_spark_factory(cli_ctx, workspace_name, sparkpool_name).spark_session -def cf_synapse_client_accesscontrol_factory(cli_ctx, workspace_name): +def synapse_accesscontrol_factory(cli_ctx, workspace_name): from azure.synapse.accesscontrol import AccessControlClient from azure.cli.core._profile import Profile from azure.cli.core.commands.client_factory import get_subscription_id @@ -139,6 +139,14 @@ def cf_synapse_client_accesscontrol_factory(cli_ctx, workspace_name): ) +def cf_synapse_role_assignments(cli_ctx, workspace_name): + return synapse_accesscontrol_factory(cli_ctx, workspace_name).role_assignments + + +def cf_synapse_role_definitions(cli_ctx, workspace_name): + return synapse_accesscontrol_factory(cli_ctx, workspace_name).role_definitions + + def cf_graph_client_factory(cli_ctx, **_): from azure.cli.core._profile import Profile from azure.cli.core.commands.client_factory import configure_common_settings diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_help.py b/src/azure-cli/azure/cli/command_modules/synapse/_help.py index 240d5168312..1a01bdcb49d 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_help.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_help.py @@ -858,6 +858,20 @@ short-summary: Manage Synapse's role assignments and definitions. """ +helps['synapse role scope'] = """ +type: group +short-summary: Manage Synapse's role scopes. +""" + +helps['synapse role scope list'] = """ +type: command +short-summary: List role scopes. +examples: + - name: List role scopes. + text: |- + az synapse role scope list --workspace-name testsynapseworkspace +""" + helps['synapse role assignment'] = """ type: group short-summary: Manage Synapse's role assignments. @@ -883,7 +897,7 @@ - name: List role assignments by role id/name. text: |- az synapse role assignment list --workspace-name testsynapseworkspace \\ - --role "Sql Admin" + --role "Synapse Apache Spark Administrator" - name: List role assignments by assignee. text: |- az synapse role assignment list --workspace-name testsynapseworkspace \\ @@ -891,7 +905,15 @@ - name: List role assignments by objectId of the User, Group or Service Principal. text: |- az synapse role assignment list --workspace-name testsynapseworkspace \\ - --assignee 00000000-0000-0000-0000-000000000000 + --assignee-object-id 00000000-0000-0000-0000-000000000000 + - name: List role assignments by scope. + text: |- + az synapse role assignment list --workspace-name testsynapseworkspace \\ + --scope "workspaces/{workspaceName}" + - name: List role assignments by item type and item name. + text: |- + az synapse role assignment list --workspace-name testsynapseworkspace \\ + --item-type "bigDataPools" --item "bigDataPoolName" """ helps['synapse role assignment create'] = """ @@ -901,15 +923,24 @@ - name: Create a role assignment using service principal name. text: |- az synapse role assignment create --workspace-name testsynapseworkspace \\ - --role "Sql Admin" --assignee sp_name + --role "Synapse Administrator" --assignee sp_name - name: Create a role assignment using user principal name. text: |- az synapse role assignment create --workspace-name testsynapseworkspace \\ - --role "Sql Admin" --assignee username@contoso.com + --role "Synapse Administrator" --assignee username@contoso.com - name: Create a role assignment using objectId of the User, Group or Service Principal. text: |- az synapse role assignment create --workspace-name testsynapseworkspace \\ - --role "Sql Admin" --assignee 00000000-0000-0000-0000-000000000000 + --role "Synapse Administrator" --assignee 00000000-0000-0000-0000-000000000000 + - name: Create a role assignment at scope. + text: |- + az synapse role assignment create --workspace-name testsynapseworkspace \\ + --scope "workspaces/{workspaceName}" --role "Synapse Administrator" --assignee username@contoso.com + - name: Create a role assignment at scope that combination of item type and item name. + text: |- + az synapse role assignment create --workspace-name testsynapseworkspace \\ + --item-type "bigDataPools" --item "bigDataPoolName" --role "Synapse Administrator" \\ + --assignee username@contoso.com """ helps['synapse role assignment delete'] = """ @@ -919,11 +950,11 @@ - name: Delete role assignments by role and assignee. text: |- az synapse role assignment delete --workspace-name testsynapseworkspace \\ - --role "Sql Admin" --assignee sp_name + --role "Synapse Administrator" --assignee sp_name - name: Delete role assignments by role id/name. text: |- az synapse role assignment delete --workspace-name testsynapseworkspace \\ - --role "Sql Admin" + --role "Synapse Administrator" - name: Delete role assignments by service principal name. text: |- az synapse role assignment delete --workspace-name testsynapseworkspace \\ @@ -940,6 +971,10 @@ text: |- az synapse role assignment delete --workspace-name testsynapseworkspace \\ --ids 10000000-0000-0000-0000-10000000-10000000-0000-0000-0000-10000000 + - name: Delete role assignments by scope. + text: |- + az synapse role assignment delete --workspace-name testsynapseworkspace \\ + --scope "workspaces/testsynapseworkspace/linkedServices/testlinkedServices" """ helps['synapse role definition'] = """ @@ -954,6 +989,9 @@ - name: List role definitions. text: |- az synapse role definition list --workspace-name testsynapseworkspace + - name: List role definitions built-in by Synapse. + text: |- + az synapse role definition list --workspace-name testsynapseworkspace --is-built-in True """ helps['synapse role definition show'] = """ @@ -964,6 +1002,10 @@ text: |- az synapse role definition show --workspace-name testsynapseworkspace \\ --role 00000000-0000-0000-0000-000000000000 + - name: Get role definition by role name. + text: |- + az synapse role definition show --workspace-name testsynapseworkspace \\ + --role "Synapse SQL Administrator" """ helps['synapse linked-service'] = """ diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/_params.py index 7e20333e5e9..a8b00de3368 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_params.py @@ -12,14 +12,21 @@ from azure.cli.core.util import get_json_object, shell_safe_json_parse from ._validators import validate_storage_account, validate_statement_language from ._completers import get_role_definition_name_completion_list -from .constant import SparkBatchLanguage, SparkStatementLanguage, SqlPoolConnectionClientType, \ - SqlPoolConnectionClientAuthenticationType +from .constant import SparkBatchLanguage, SparkStatementLanguage, SqlPoolConnectionClientType, PrincipalType, \ + SqlPoolConnectionClientAuthenticationType, ItemType from .action import AddFilters, AddOrderBy workspace_name_arg_type = CLIArgumentType(help='The workspace name.', completer=get_resource_name_completion_list('Microsoft.Synapse/workspaces')) assignee_arg_type = CLIArgumentType( - help='Represent a user, group, or service principal. Supported format: object id, user sign-in name, or service principal name.') + help='Represent a user or service principal. Supported format: object id, user sign-in name, or service principal name.') + +assignee_object_id_arg_type = CLIArgumentType( + help="Use this parameter instead of '--assignee' to bypass Graph API invocation in case of insufficient privileges. " + "This parameter only works with object ids for users, groups, service principals, and " + "managed identities. For managed identities use the principal id. For service principals, " + "use the object id and not the app id.") + role_arg_type = CLIArgumentType(help='The role name/id that is assigned to the principal.', completer=get_role_definition_name_completion_list) definition_file_arg_type = CLIArgumentType(options_list=['--file'], completer=FilesCompleter(), @@ -410,6 +417,18 @@ def load_arguments(self, _): c.argument('workspace_name', arg_type=workspace_name_arg_type) c.argument('role', arg_type=role_arg_type) c.argument('assignee', arg_type=assignee_arg_type) + c.argument('assignee_object_id', arg_type=assignee_object_id_arg_type) + c.argument('scope', help='A scope defines the resources or artifacts that the access applies to. Synapse supports hierarchical scopes. ' + 'Permissions granted at a higher-level scope are inherited by objects at a lower level. ' + 'In Synapse RBAC, the top-level scope is a workspace. ' + 'Assigning a role with workspace scope grants permissions to all applicable objects in the workspace.') + c.argument('item', help='Item granted access in the workspace. Using with --item-type to combine the scope of assignment') + c.argument('item_type', arg_type=get_enum_type(ItemType), help='Item type granted access in the workspace. Using with --item to combine the scope of assignment.') + + with self.argument_context('synapse role assignment create') as c: + c.argument('assignee_principal_type', options_list=['--assignee-principal-type', '--assignee-type'], arg_type=get_enum_type(PrincipalType), + help='use with --assignee-object-id to avoid errors caused by propagation latency in AAD Graph') + c.argument('assignment_id', help='Custom role assignment id in guid format, if not specified, assignment id will be randomly generated.') with self.argument_context('synapse role assignment show') as c: c.argument('workspace_name', arg_type=workspace_name_arg_type) @@ -420,8 +439,20 @@ def load_arguments(self, _): c.argument('workspace_name', arg_type=workspace_name_arg_type) c.argument('role', arg_type=role_arg_type) c.argument('assignee', arg_type=assignee_arg_type) + c.argument('assignee_object_id', arg_type=assignee_object_id_arg_type) + c.argument('scope', help='A scope defines the resources or artifacts that the access applies to. Synapse supports hierarchical scopes. ' + 'Permissions granted at a higher-level scope are inherited by objects at a lower level. ' + 'In Synapse RBAC, the top-level scope is a workspace. ' + 'Using az role assignment with filter condition before executing delete operation ' + 'to be clearly aware of which assignments will be deleted.') c.argument('ids', nargs='+', help='space-separated role assignment ids. You should not provide --role or --assignee when --ids is provided.') + c.argument('item', help='Item granted access in the workspace. Using with --item-type to combine the scope of assignment.' + 'Using az role assignment with filter condition before executing delete operation ' + 'to be clearly aware of which assignments will be deleted.') + c.argument('item_type', arg_type=get_enum_type(ItemType), help='Item type granted access in the workspace. Using with --item to combine the scope of assignment.' + 'Using az role assignment with filter condition before executing delete operation ' + 'to be clearly aware of which assignments will be deleted.') with self.argument_context('synapse role definition show') as c: c.argument('workspace_name', arg_type=workspace_name_arg_type) @@ -429,6 +460,10 @@ def load_arguments(self, _): with self.argument_context('synapse role definition list') as c: c.argument('workspace_name', arg_type=workspace_name_arg_type) + c.argument('is_built_in', arg_type=get_three_state_flag(), help='Is a Synapse Built-In Role or not.') + + with self.argument_context('synapse role scope list') as c: + c.argument('workspace_name', arg_type=workspace_name_arg_type) # synapse artifacts linked-service for scope in ['create', 'set']: diff --git a/src/azure-cli/azure/cli/command_modules/synapse/commands.py b/src/azure-cli/azure/cli/command_modules/synapse/commands.py index cc50e57c645..c0afd89ee29 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/commands.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/commands.py @@ -139,8 +139,12 @@ def get_custom_sdk(custom_module, client_factory): operations_tmpl='azure.synapse.spark.operations#SparkBatchOperations.{}', client_factory=None) - synapse_accesscontrol_sdk = CliCommandType( - operations_tmpl='azure.synapse.accesscontrol.operations#AccessControlClientOperationsMixin.{}', + synapse_role_assignment_sdk = CliCommandType( + operations_tmpl='azure.synapse.accesscontrol.operations#RoleAssignmentsOperations.{}', + client_factory=None) + + synapse_role_definitions_sdk = CliCommandType( + operations_tmpl='azure.synapse.accesscontrol.operations#RoleDefinitionsOperations.{}', client_factory=None) synapse_linked_service_sdk = CliCommandType( @@ -375,18 +379,22 @@ def get_custom_sdk(custom_module, client_factory): g.custom_command('cancel', 'cancel_spark_session_statement', confirmation=True) # Data Plane Commands --Access control operations - with self.command_group('synapse role assignment', synapse_accesscontrol_sdk, + with self.command_group('synapse role assignment', synapse_role_assignment_sdk, custom_command_type=get_custom_sdk('accesscontrol', None)) as g: g.custom_command('create', 'create_role_assignment') g.custom_command('list', 'list_role_assignments') g.custom_show_command('show', 'get_role_assignment_by_id') g.custom_command('delete', 'delete_role_assignment', confirmation=True) - with self.command_group('synapse role definition', synapse_accesscontrol_sdk, + with self.command_group('synapse role definition', synapse_role_definitions_sdk, custom_command_type=get_custom_sdk('accesscontrol', None)) as g: g.custom_command('list', 'list_role_definitions') g.custom_show_command('show', 'get_role_definition') + with self.command_group('synapse role scope', synapse_role_definitions_sdk, + custom_command_type=get_custom_sdk('accesscontrol', None)) as g: + g.custom_command('list', 'list_scopes') + # Data Plane Commands --Artifacts Linked service operations with self.command_group('synapse linked-service', synapse_linked_service_sdk, custom_command_type=get_custom_sdk('artifacts', None)) as g: diff --git a/src/azure-cli/azure/cli/command_modules/synapse/constant.py b/src/azure-cli/azure/cli/command_modules/synapse/constant.py index 1f7ba343781..00578dbb603 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/constant.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/constant.py @@ -12,6 +12,8 @@ SPARK_DOTNET_UDFS_FOLDER_NAME = 'udfs' SPARK_SERVICE_ENDPOINT_API_VERSION = '2019-11-01-priview' AdministratorType = "activeDirectory" +ITEM_NAME_MAPPING = {'bigDataPools': '{bigDataPoolName}', 'integrationRuntimes': '{integrationRuntimeName}', + 'linkedServices': '{linkedServiceName}', 'credentials': '{credentialName}'} class SynapseSqlCreateMode(str, Enum): @@ -62,3 +64,16 @@ class SqlPoolConnectionClientAuthenticationType(str, Enum): SqlPassword = 'SqlPassword' ActiveDirectoryPassword = 'ADPassword' ActiveDirectoryIntegrated = 'ADIntegrated' + + +class PrincipalType(str, Enum): + user = "User" + group = "Group" + service_principal = "ServicePrincipal" + + +class ItemType(str, Enum): + bigDataPools = "bigDataPools" + integrationRuntimes = "integrationRuntimes" + credentials = "credentials" + linkedServices = "linkedServices" diff --git a/src/azure-cli/azure/cli/command_modules/synapse/operations/accesscontrol.py b/src/azure-cli/azure/cli/command_modules/synapse/operations/accesscontrol.py index 3db9bc6867a..c1384525763 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/operations/accesscontrol.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/operations/accesscontrol.py @@ -4,55 +4,73 @@ # -------------------------------------------------------------------------------------------- from knack.util import CLIError -from azure.synapse.accesscontrol.models import RoleAssignmentOptions +from azure.cli.core.azclierror import InvalidArgumentValueError, ArgumentUsageError from azure.cli.core.util import is_guid from azure.graphrbac.models import GraphErrorException from msrestazure.azure_exceptions import CloudError -from .._client_factory import cf_synapse_client_accesscontrol_factory, cf_graph_client_factory +from .._client_factory import cf_synapse_role_assignments, cf_synapse_role_definitions, cf_graph_client_factory +from ..constant import ITEM_NAME_MAPPING # List Synapse Role Assignment -def list_role_assignments(cmd, workspace_name, role=None, assignee=None): - # get role id - role_id = _resolve_role_id(cmd, role, workspace_name) - # get object_id - object_id = _resolve_object_id(cmd, assignee, fallback_to_object_id=True) +def list_role_assignments(cmd, workspace_name, role=None, assignee=None, assignee_object_id=None, + scope=None, item=None, item_type=None): + if bool(assignee) and bool(assignee_object_id): + raise ArgumentUsageError('usage error: --assignee STRING | --assignee-object-id GUID') + + if bool(item) != bool(item_type): + raise ArgumentUsageError('usage error: --item-type STRING --item STRING') + + return _list_role_assignments(cmd, workspace_name, role, assignee or assignee_object_id, + scope, resolve_assignee=(not assignee_object_id), item=item, item_type=item_type) - client = cf_synapse_client_accesscontrol_factory(cmd.cli_ctx, workspace_name) - role_assignments = client.get_role_assignments(role_id, object_id) - # TODO: - # Currently, when only `ObjectId` is specified, the cmdlet returns incorrect result. - # Filter from client side as a workaround - if object_id: - role_assignments = [x for x in role_assignments if x.principal_id == object_id] +def _list_role_assignments(cmd, workspace_name, role=None, assignee=None, scope=None, + resolve_assignee=True, item=None, item_type=None): + """Prepare scope, role ID and resolve object ID from Graph API.""" + if any([scope, item, item_type]): + scope = _build_role_scope(workspace_name, scope, item, item_type) + role_id = _resolve_role_id(cmd, role, workspace_name) + object_id = _resolve_object_id(cmd, assignee, fallback_to_object_id=True) if resolve_assignee else assignee + client = cf_synapse_role_assignments(cmd.cli_ctx, workspace_name) + role_assignments = client.list_role_assignments(role_id, object_id, scope).value return role_assignments # Show Synapse Role Assignment By Id def get_role_assignment_by_id(cmd, workspace_name, role_assignment_id): - client = cf_synapse_client_accesscontrol_factory(cmd.cli_ctx, workspace_name) + client = cf_synapse_role_assignments(cmd.cli_ctx, workspace_name) return client.get_role_assignment_by_id(role_assignment_id) # Delete Synapse Role Assignment -def delete_role_assignment(cmd, workspace_name, ids=None, assignee=None, role=None): - client = cf_synapse_client_accesscontrol_factory(cmd.cli_ctx, workspace_name) +def delete_role_assignment(cmd, workspace_name, ids=None, assignee=None, assignee_object_id=None, role=None, + scope=None, item=None, item_type=None): + client = cf_synapse_role_assignments(cmd.cli_ctx, workspace_name) + if not any([ids, assignee, assignee_object_id, role, scope, item, item_type]): + raise ArgumentUsageError('usage error: No argument are provided. --assignee STRING | --ids GUID') + if ids: - if assignee or role: - raise CLIError('You should not provide --role or --assignee when --ids is provided.') - role_assignments = list_role_assignments(cmd, workspace_name, None, None) + if any([assignee, assignee_object_id, role, scope, item, item_type]): + raise ArgumentUsageError('You should not provide --role or --assignee or --assignee_object_id ' + 'or --scope or --principal-type when --ids is provided.') + role_assignments = list_role_assignments(cmd, workspace_name, None, None, None, None, None, None) assignment_id_list = [x.id for x in role_assignments] # check role assignment id for assignment_id in ids: if assignment_id not in assignment_id_list: - raise CLIError("role assigment id:'{}' doesn't exist.".format(assignment_id)) + raise ArgumentUsageError("role assignment id:'{}' doesn't exist.".format(assignment_id)) # delete when all ids check pass for assignment_id in ids: client.delete_role_assignment_by_id(assignment_id) return - role_assignments = list_role_assignments(cmd, workspace_name, role, assignee) + role_assignments = list_role_assignments(cmd, workspace_name, role, assignee, assignee_object_id, + scope, item, item_type) + if any([scope, item, item_type]): + scope = _build_role_scope(workspace_name, scope, item, item_type) + role_assignments = [x for x in role_assignments if x.scope == scope] + if role_assignments: for assignment in role_assignments: client.delete_role_assignment_by_id(assignment.id) @@ -61,32 +79,103 @@ def delete_role_assignment(cmd, workspace_name, ids=None, assignee=None, role=No 'Use `az synapse role assignment list` to get role assignments.') -# Create Synapse Role Assignment -def create_role_assignment(cmd, workspace_name, role, assignee): - # get role id - role_id = _resolve_role_id(cmd, role, workspace_name) - # get object_id - object_id = _resolve_object_id(cmd, assignee, fallback_to_object_id=True) +def create_role_assignment(cmd, workspace_name, role, assignee=None, assignee_object_id=None, + scope=None, assignee_principal_type=None, item_type=None, item=None, assignment_id=None): + """Check parameters are provided correctly, then call _create_role_assignment.""" + if assignment_id and not is_guid(assignment_id): + raise InvalidArgumentValueError('usage error: --id GUID') - create_role_assignment_options = RoleAssignmentOptions( - role_id=role_id, - principal_id=object_id - ) - assignment_client = cf_synapse_client_accesscontrol_factory(cmd.cli_ctx, workspace_name) - return assignment_client.create_role_assignment(create_role_assignment_options) + if bool(assignee) == bool(assignee_object_id): + raise ArgumentUsageError('usage error: --assignee STRING | --assignee-object-id GUID') + if assignee_principal_type and not assignee_object_id: + raise ArgumentUsageError('usage error: --assignee-object-id GUID [--assignee-principal-type]') -# List Synapse Role Definitions -def list_role_definitions(cmd, workspace_name): - client = cf_synapse_client_accesscontrol_factory(cmd.cli_ctx, workspace_name) - return client.get_role_definitions() + if bool(item) != bool(item_type): + raise ArgumentUsageError('usage error: --item-type STRING --item STRING') + try: + return _create_role_assignment(cmd, workspace_name, role, assignee or assignee_object_id, scope, item, + item_type, resolve_assignee=(not assignee_object_id), + assignee_principal_type=assignee_principal_type, assignment_id=assignment_id) + except Exception as ex: # pylint: disable=broad-except + if _error_caused_by_role_assignment_exists(ex): # for idempotent + return list_role_assignments(cmd, workspace_name, role=role, + assignee=assignee, assignee_object_id=assignee_object_id, + scope=scope, item=item, item_type=item_type) + raise -# Get Synapse Role Definition -def get_role_definition(cmd, workspace_name, role): + +def _resolve_object_id(cmd, assignee, fallback_to_object_id=False): + if assignee is None: + return None + client = cf_graph_client_factory(cmd.cli_ctx) + result = None + try: + result = list(client.users.list(filter="userPrincipalName eq '{0}' or mail eq '{0}' or displayName eq '{0}'" + .format(assignee))) + if not result: + result = list(client.service_principals.list(filter="displayName eq '{}'".format(assignee))) + if not result: + result = list(client.groups.list(filter="mail eq '{}'".format(assignee))) + if not result and is_guid(assignee): # assume an object id, let us verify it + result = _get_object_stubs(client, [assignee]) + + # 2+ matches should never happen, so we only check 'no match' here + if not result: + raise CLIError("Cannot find user or group or service principal in graph database for '{assignee}'. " + "If the assignee is a principal id, make sure the corresponding principal is created " + "with 'az ad sp create --id {assignee}'.".format(assignee=assignee)) + + if len(result) > 1: + raise CLIError("Find more than one user or group or service principal in graph database for '{assignee}'. " + "Please using --assignee-object-id GUID to specify assignee accurately" + .format(assignee=assignee)) + + return result[0].object_id + except (CloudError, GraphErrorException): + if fallback_to_object_id and is_guid(assignee): + return assignee + raise + + +def _get_object_stubs(graph_client, assignees): + from azure.graphrbac.models import GetObjectsParameters + result = [] + assignees = list(assignees) # callers could pass in a set + for i in range(0, len(assignees), 1000): + params = GetObjectsParameters(include_directory_object_references=True, object_ids=assignees[i:i + 1000]) + result += list(graph_client.objects.get_objects_by_object_ids(params)) + return result + + +def _error_caused_by_role_assignment_exists(ex): + return getattr(ex, 'status_code', None) == 409 and 'role assignment already exists' in ex.message + + +def _create_role_assignment(cmd, workspace_name, role, assignee, scope=None, item=None, item_type=None, + resolve_assignee=True, assignee_principal_type=None, assignment_id=None): + """Prepare scope, role ID and resolve object ID from Graph API.""" + scope = _build_role_scope(workspace_name, scope, item, item_type) role_id = _resolve_role_id(cmd, role, workspace_name) - client = cf_synapse_client_accesscontrol_factory(cmd.cli_ctx, workspace_name) - return client.get_role_definition_by_id(role_id) + object_id = _resolve_object_id(cmd, assignee, fallback_to_object_id=True) if resolve_assignee else assignee + + assignment_client = cf_synapse_role_assignments(cmd.cli_ctx, workspace_name) + return assignment_client.create_role_assignment(assignment_id if assignment_id is not None else _gen_guid(), + role_id, object_id, scope, assignee_principal_type) + + +def _build_role_scope(workspace_name, scope, item, item_type): + if scope: + return scope + + if item and item_type: + # workspaces/{workspaceName}/bigDataPools/{bigDataPoolName} + scope = "workspaces/" + workspace_name + "/" + item_type + "/" + item + else: + scope = "workspaces/" + workspace_name + + return scope def _resolve_role_id(cmd, role, workspace_name): @@ -96,8 +185,8 @@ def _resolve_role_id(cmd, role, workspace_name): if is_guid(role): role_id = role else: - role_definition_client = cf_synapse_client_accesscontrol_factory(cmd.cli_ctx, workspace_name) - role_definition = role_definition_client.get_role_definitions() + role_definition_client = cf_synapse_role_definitions(cmd.cli_ctx, workspace_name) + role_definition = role_definition_client.list_role_definitions() role_dict = {x.name.lower(): x.id for x in role_definition if x.name} if role.lower() not in role_dict: raise CLIError("Role '{}' doesn't exist.".format(role)) @@ -105,28 +194,38 @@ def _resolve_role_id(cmd, role, workspace_name): return role_id -def _resolve_object_id(cmd, assignee, fallback_to_object_id=False): - if not assignee: - return None - client = cf_graph_client_factory(cmd.cli_ctx) - result = None - try: - if assignee.find('@') >= 0: # looks like a user principal name - result = list(client.users.list(filter="userPrincipalName eq '{}'".format(assignee))) - if not result: - result = list(client.service_principals.list( - filter="servicePrincipalNames/any(c:c eq '{}')".format(assignee))) - if not result and is_guid(assignee): - return assignee +def _gen_guid(): + import uuid + return uuid.uuid4() - # 2+ matches should never happen, so we only check 'no match' here - if not result: - raise CLIError("Cannot find user or service principal in graph database for '{assignee}'. " - "If the assignee is an appId, make sure the corresponding service principal is created " - "with 'az ad sp create --id {assignee}'.".format(assignee=assignee)) - return result[0].object_id - except (CloudError, GraphErrorException): - if fallback_to_object_id and is_guid(assignee): - return assignee - raise +# List Synapse Role Definitions Scope +def list_scopes(cmd, workspace_name): + client = cf_synapse_role_definitions(cmd.cli_ctx, workspace_name) + return client.list_scopes() + + +# List Synapse Role Definitions +def list_role_definitions(cmd, workspace_name, is_built_in=None): + client = cf_synapse_role_definitions(cmd.cli_ctx, workspace_name) + role_definitions = client.list_role_definitions(is_built_in) + return role_definitions + + +def _build_role_scope_format(scope, item_type): + if scope: + return scope + + if item_type: + scope = "workspaces/{workspaceName}/" + item_type + "/" + ITEM_NAME_MAPPING[item_type] + else: + scope = "workspaces/{workspaceName}" + + return scope + + +# Get Synapse Role Definition +def get_role_definition(cmd, workspace_name, role): + role_id = _resolve_role_id(cmd, role, workspace_name) + client = cf_synapse_role_definitions(cmd.cli_ctx, workspace_name) + return client.get_role_definition_by_id(role_id) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/recordings/test_access_control.yaml b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/recordings/test_access_control.yaml index f269e872f5a..14b72bc3a48 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/recordings/test_access_control.yaml +++ b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/recordings/test_access_control.yaml @@ -3,28 +3,25 @@ interactions: body: null headers: Accept: - - application/json + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: - keep-alive User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roles?api-version=2020-02-01-preview + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/rbacScopes?api-version=2020-08-01-preview response: body: - string: '{"value":[{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","name":"Workspace - Admin","isBuiltIn":true},{"id":"c3a6d2f1-a26f-4810-9b0f-591308d5cbf1","name":"Apache - Spark Admin","isBuiltIn":true},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","name":"Sql - Admin","isBuiltIn":true}]}' + string: '["workspaces/{workspaceName}","workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}","workspaces/{workspaceName}/scopePools/{scopePoolName}","workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}","workspaces/{workspaceName}/credentials/{credentialName}","workspaces/{workspaceName}/linkedServices/{linkedServiceName}"]' headers: content-length: - - '272' + - '342' content-type: - application/json; charset=utf-8 date: - - Fri, 07 Aug 2020 06:43:17 GMT + - Tue, 06 Apr 2021 09:08:12 GMT server: - Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 strict-transport-security: @@ -36,28 +33,67 @@ interactions: body: null headers: Accept: - - application/json + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: - keep-alive User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roles?api-version=2020-02-01-preview + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleDefinitions?api-version=2020-08-01-preview response: body: - string: '{"value":[{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","name":"Workspace - Admin","isBuiltIn":true},{"id":"c3a6d2f1-a26f-4810-9b0f-591308d5cbf1","name":"Apache - Spark Admin","isBuiltIn":true},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","name":"Sql - Admin","isBuiltIn":true}]}' + string: "[{\"name\":\"Synapse Administrator\",\"description\":\"Full Synapse + access to serverless SQL pools, Apache Spark pools and Integration runtimes.\_ + Includes create, read, update and delete access to all published code artifacts.\_ + Includes Compute Operator, Linked Data Manager, and Credential User permissions + on the workspace system identity credential.\_ Includes granting access.\_ + Azure permissions are required to create, delete, or manage compute resources.\u200B\",\"id\":\"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/roleAssignments/write\",\"Microsoft.Synapse/workspaces/roleAssignments/delete\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/write\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/delete\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/linkedServices/useSecret/action\",\"Microsoft.Synapse/workspaces/credentials/useSecret/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/idw/read\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Linked Data Manager\",\"description\":\"Creation and management of managed + private endpoints, linked services, and credentials.\u200B\",\"id\":\"dd665582-e433-40ca-b183-1b1b33e73375\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/write\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/delete\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Contributor\",\"description\":\"Full Synapse access to serverless SQL pools, + Apache Spark pools, Integration runtimes.\_ Includes create, read, update, + and delete access to all published code artifacts and their outputs, including + credentials and linked services.\_ Includes compute operator permissions. + Does not include permission to use credentials and run pipelines. Does not + include granting access.\u200B\",\"id\":\"7572bffe-f453-4b66-912a-46cc5ef38fda\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Artifact Publisher\",\"description\":\"Create, read, update, and delete access + to published code artifacts and their outputs. Does not include permission + to run code or pipelines, or to grant access.\_\u200B\",\"id\":\"05930f57-09a3-4c0d-9fa9-6d1eb91c178b\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Artifact User\",\"description\":\"Read access to published code artifacts + and their outputs. Can create new artifacts but cannot publish changes or + run code without additional permissions.\u200B\",\"id\":\"53faaa0e-40b6-40c8-a2ff-e38f2d388875\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Compute Operator\",\"description\":\"Submit Spark jobs and notebooks and view + logs.\_ Includes canceling Spark jobs submitted by any user. Requires additional + credential use permissions on the workspace system identity to run pipelines, + view pipeline runs and outputs.\u200B\",\"id\":\"e3844cc7-4670-42cb-9349-9bdac1ee7881\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Credential User\",\"description\":\"Runtime and configuration-time use of + secrets within credentials and linked services in activities like pipeline + runs. To run pipelines, this role is required, scoped to the workspace system + identity.\u200B\",\"id\":\"5eb298b4-692c-4241-9cf0-f58a3b42bb25\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/linkedServices/useSecret/action\",\"Microsoft.Synapse/workspaces/credentials/useSecret/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + User\",\"description\":\"List and view details of SQL pools, Apache Spark + pools, Integration runtimes, and published linked services and credentials.\_ + Does not include other published code artifacts.\_ Can create new artifacts + but cannot run or publish without additional permissions.\_\_\_\u200B\",\"id\":\"2a385764-43e8-416c-9825-7b18d05a2c4b\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Apache + Spark Administrator\",\"description\":\"Full Synapse access to Apache Spark + Pools.\_ Create, read, update, and delete access to published Spark job definitions, + notebooks, and their outputs, and to libraries, linked services and credentials.\_ + Includes read access to all other published code artifacts. Does not include + permission to use credentials and run pipelines. Does not include granting + access.\u200B\",\"id\":\"c3a6d2f1-a26f-4810-9b0f-591308d5cbf1\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + SQL Administrator\",\"description\":\"Full Synapse access to serverless SQL + pools.\_ Create, read, update, and delete access to published SQL scripts, + credentials and linked services.\_ Includes read access to all other published + code artifacts.\_ Does not include permission to use credentials and run pipelines. + Does not include granting access.\",\"id\":\"7af0c69a-a548-47d6-aea3-d00e69bd83aa\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"}]" headers: content-length: - - '272' + - '13874' content-type: - application/json; charset=utf-8 date: - - Fri, 07 Aug 2020 06:43:18 GMT + - Tue, 06 Apr 2021 09:08:13 GMT server: - Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 strict-transport-security: @@ -69,25 +105,67 @@ interactions: body: null headers: Accept: - - application/json + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: - keep-alive User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roles/7af0c69a-a548-47d6-aea3-d00e69bd83aa?api-version=2020-02-01-preview + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleDefinitions?api-version=2020-08-01-preview response: body: - string: '{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","name":"Sql Admin","isBuiltIn":true}' + string: "[{\"name\":\"Synapse Administrator\",\"description\":\"Full Synapse + access to serverless SQL pools, Apache Spark pools and Integration runtimes.\_ + Includes create, read, update and delete access to all published code artifacts.\_ + Includes Compute Operator, Linked Data Manager, and Credential User permissions + on the workspace system identity credential.\_ Includes granting access.\_ + Azure permissions are required to create, delete, or manage compute resources.\u200B\",\"id\":\"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/roleAssignments/write\",\"Microsoft.Synapse/workspaces/roleAssignments/delete\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/write\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/delete\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/linkedServices/useSecret/action\",\"Microsoft.Synapse/workspaces/credentials/useSecret/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/idw/read\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Linked Data Manager\",\"description\":\"Creation and management of managed + private endpoints, linked services, and credentials.\u200B\",\"id\":\"dd665582-e433-40ca-b183-1b1b33e73375\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/write\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/delete\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Contributor\",\"description\":\"Full Synapse access to serverless SQL pools, + Apache Spark pools, Integration runtimes.\_ Includes create, read, update, + and delete access to all published code artifacts and their outputs, including + credentials and linked services.\_ Includes compute operator permissions. + Does not include permission to use credentials and run pipelines. Does not + include granting access.\u200B\",\"id\":\"7572bffe-f453-4b66-912a-46cc5ef38fda\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Artifact Publisher\",\"description\":\"Create, read, update, and delete access + to published code artifacts and their outputs. Does not include permission + to run code or pipelines, or to grant access.\_\u200B\",\"id\":\"05930f57-09a3-4c0d-9fa9-6d1eb91c178b\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Artifact User\",\"description\":\"Read access to published code artifacts + and their outputs. Can create new artifacts but cannot publish changes or + run code without additional permissions.\u200B\",\"id\":\"53faaa0e-40b6-40c8-a2ff-e38f2d388875\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Compute Operator\",\"description\":\"Submit Spark jobs and notebooks and view + logs.\_ Includes canceling Spark jobs submitted by any user. Requires additional + credential use permissions on the workspace system identity to run pipelines, + view pipeline runs and outputs.\u200B\",\"id\":\"e3844cc7-4670-42cb-9349-9bdac1ee7881\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Credential User\",\"description\":\"Runtime and configuration-time use of + secrets within credentials and linked services in activities like pipeline + runs. To run pipelines, this role is required, scoped to the workspace system + identity.\u200B\",\"id\":\"5eb298b4-692c-4241-9cf0-f58a3b42bb25\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/linkedServices/useSecret/action\",\"Microsoft.Synapse/workspaces/credentials/useSecret/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + User\",\"description\":\"List and view details of SQL pools, Apache Spark + pools, Integration runtimes, and published linked services and credentials.\_ + Does not include other published code artifacts.\_ Can create new artifacts + but cannot run or publish without additional permissions.\_\_\_\u200B\",\"id\":\"2a385764-43e8-416c-9825-7b18d05a2c4b\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Apache + Spark Administrator\",\"description\":\"Full Synapse access to Apache Spark + Pools.\_ Create, read, update, and delete access to published Spark job definitions, + notebooks, and their outputs, and to libraries, linked services and credentials.\_ + Includes read access to all other published code artifacts. Does not include + permission to use credentials and run pipelines. Does not include granting + access.\u200B\",\"id\":\"c3a6d2f1-a26f-4810-9b0f-591308d5cbf1\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + SQL Administrator\",\"description\":\"Full Synapse access to serverless SQL + pools.\_ Create, read, update, and delete access to published SQL scripts, + credentials and linked services.\_ Includes read access to all other published + code artifacts.\_ Does not include permission to use credentials and run pipelines. + Does not include granting access.\",\"id\":\"7af0c69a-a548-47d6-aea3-d00e69bd83aa\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"}]" headers: content-length: - - '81' + - '13874' content-type: - application/json; charset=utf-8 date: - - Fri, 07 Aug 2020 06:43:20 GMT + - Tue, 06 Apr 2021 09:08:14 GMT server: - Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 strict-transport-security: @@ -99,28 +177,102 @@ interactions: body: null headers: Accept: - - application/json + - application/json, text/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleDefinitions/7572bffe-f453-4b66-912a-46cc5ef38fda?api-version=2020-08-01-preview + response: + body: + string: "{\"name\":\"Synapse Contributor\",\"description\":\"Full Synapse access + to serverless SQL pools, Apache Spark pools, Integration runtimes.\_ Includes + create, read, update, and delete access to all published code artifacts and + their outputs, including credentials and linked services.\_ Includes compute + operator permissions. Does not include permission to use credentials and run + pipelines. Does not include granting access.\u200B\",\"id\":\"7572bffe-f453-4b66-912a-46cc5ef38fda\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"}" + headers: + content-length: + - '2542' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Apr 2021 09:08:14 GMT + server: + - Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: - keep-alive User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roles?api-version=2020-02-01-preview + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleDefinitions?api-version=2020-08-01-preview response: body: - string: '{"value":[{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","name":"Workspace - Admin","isBuiltIn":true},{"id":"c3a6d2f1-a26f-4810-9b0f-591308d5cbf1","name":"Apache - Spark Admin","isBuiltIn":true},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","name":"Sql - Admin","isBuiltIn":true}]}' + string: "[{\"name\":\"Synapse Administrator\",\"description\":\"Full Synapse + access to serverless SQL pools, Apache Spark pools and Integration runtimes.\_ + Includes create, read, update and delete access to all published code artifacts.\_ + Includes Compute Operator, Linked Data Manager, and Credential User permissions + on the workspace system identity credential.\_ Includes granting access.\_ + Azure permissions are required to create, delete, or manage compute resources.\u200B\",\"id\":\"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/roleAssignments/write\",\"Microsoft.Synapse/workspaces/roleAssignments/delete\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/write\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/delete\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/linkedServices/useSecret/action\",\"Microsoft.Synapse/workspaces/credentials/useSecret/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/idw/read\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Linked Data Manager\",\"description\":\"Creation and management of managed + private endpoints, linked services, and credentials.\u200B\",\"id\":\"dd665582-e433-40ca-b183-1b1b33e73375\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/write\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/delete\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Contributor\",\"description\":\"Full Synapse access to serverless SQL pools, + Apache Spark pools, Integration runtimes.\_ Includes create, read, update, + and delete access to all published code artifacts and their outputs, including + credentials and linked services.\_ Includes compute operator permissions. + Does not include permission to use credentials and run pipelines. Does not + include granting access.\u200B\",\"id\":\"7572bffe-f453-4b66-912a-46cc5ef38fda\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Artifact Publisher\",\"description\":\"Create, read, update, and delete access + to published code artifacts and their outputs. Does not include permission + to run code or pipelines, or to grant access.\_\u200B\",\"id\":\"05930f57-09a3-4c0d-9fa9-6d1eb91c178b\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Artifact User\",\"description\":\"Read access to published code artifacts + and their outputs. Can create new artifacts but cannot publish changes or + run code without additional permissions.\u200B\",\"id\":\"53faaa0e-40b6-40c8-a2ff-e38f2d388875\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Compute Operator\",\"description\":\"Submit Spark jobs and notebooks and view + logs.\_ Includes canceling Spark jobs submitted by any user. Requires additional + credential use permissions on the workspace system identity to run pipelines, + view pipeline runs and outputs.\u200B\",\"id\":\"e3844cc7-4670-42cb-9349-9bdac1ee7881\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Credential User\",\"description\":\"Runtime and configuration-time use of + secrets within credentials and linked services in activities like pipeline + runs. To run pipelines, this role is required, scoped to the workspace system + identity.\u200B\",\"id\":\"5eb298b4-692c-4241-9cf0-f58a3b42bb25\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/linkedServices/useSecret/action\",\"Microsoft.Synapse/workspaces/credentials/useSecret/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + User\",\"description\":\"List and view details of SQL pools, Apache Spark + pools, Integration runtimes, and published linked services and credentials.\_ + Does not include other published code artifacts.\_ Can create new artifacts + but cannot run or publish without additional permissions.\_\_\_\u200B\",\"id\":\"2a385764-43e8-416c-9825-7b18d05a2c4b\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Apache + Spark Administrator\",\"description\":\"Full Synapse access to Apache Spark + Pools.\_ Create, read, update, and delete access to published Spark job definitions, + notebooks, and their outputs, and to libraries, linked services and credentials.\_ + Includes read access to all other published code artifacts. Does not include + permission to use credentials and run pipelines. Does not include granting + access.\u200B\",\"id\":\"c3a6d2f1-a26f-4810-9b0f-591308d5cbf1\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + SQL Administrator\",\"description\":\"Full Synapse access to serverless SQL + pools.\_ Create, read, update, and delete access to published SQL scripts, + credentials and linked services.\_ Includes read access to all other published + code artifacts.\_ Does not include permission to use credentials and run pipelines. + Does not include granting access.\",\"id\":\"7af0c69a-a548-47d6-aea3-d00e69bd83aa\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"}]" headers: content-length: - - '272' + - '13874' content-type: - application/json; charset=utf-8 date: - - Fri, 07 Aug 2020 06:43:21 GMT + - Tue, 06 Apr 2021 09:08:16 GMT server: - Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 strict-transport-security: @@ -140,52 +292,42 @@ interactions: Connection: - keep-alive ParameterSetName: - - --workspace-name --role --assignee + - --workspace-name --role --assignee --assignment-id User-Agent: - - python/3.7.8 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.3 azure-graphrbac/0.60.0 - Azure-SDK-For-Python AZURECLI/2.10.0 + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-graphrbac/0.60.0 Azure-SDK-For-Python AZURECLI/2.19.1 accept-language: - en-US method: GET - uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/users?$filter=userPrincipalName%20eq%20%27username%40microsoft.com%27&api-version=1.6 + uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/users?$filter=userPrincipalName%20eq%20%27testsynapsecli%27%20or%20mail%20eq%20%27testsynapsecli%27%20or%20displayName%20eq%20%27testsynapsecli%27&api-version=1.6 response: body: - string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[{"odata.type":"Microsoft.DirectoryServices.User","objectType":"User","objectId":"6ae2ff4b-4939-4952-a097-d234aad383a3","deletionTimestamp":null,"accountEnabled":true,"ageGroup":null,"assignedLicenses":[{"disabledPlans":["b21a6b06-1988-436e-a07b-51ec6d9f52ad","531ee2f8-b1cb-453b-9c21-d2180d014ca5","bf28f719-7844-4079-9c78-c1307898e192","28b0fa46-c39a-4188-89e2-58e979a6b014","199a5c09-e0ca-4e37-8f7c-b05d533e1ea2","65cc641f-cccd-4643-97e0-a17e3045e541","e26c2fcc-ab91-4a61-b35c-03cdc8dddf66","46129a58-a698-46f0-aa5b-17f6586297d9","6db1f1db-2b46-403f-be40-e39395f08dbb","6dc145d6-95dd-4191-b9c3-185575ee6f6b","41fcdd7d-4733-4863-9cf4-c65b83ce2df4","2f442157-a11c-46b9-ae5b-6e39ff4e5849","c4801e8a-cb58-4c35-aca6-f2dcc106f287","0898bdbb-73b0-471a-81e5-20f1fe4dd66e","617b097b-4b93-4ede-83de-5f075bb5fb2f","33c4f319-9bdd-48d6-9c4d-410b750a4a5a","8e0c0a52-6a6c-4d40-8370-dd62790dcd70","4828c8ec-dc2e-4779-b502-87ac9ce28ab7","3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40"],"skuId":"c7df2760-2c81-4ef7-b578-5b5392b571df"},{"disabledPlans":[],"skuId":"9f3d9c1d-25a5-4aaa-8e59-23a1e6450a67"},{"disabledPlans":[],"skuId":"26a18e8f-4d14-46f8-835a-ed3ba424a961"},{"disabledPlans":[],"skuId":"412ce1a7-a499-41b3-8eb6-b38f2bbc5c3f"},{"disabledPlans":["39b5c996-467e-4e60-bd62-46066f572726"],"skuId":"90d8b3f8-712e-4f7b-aa1e-62e7ae6cbe96"},{"disabledPlans":[],"skuId":"c5928f49-12ba-48f7-ada3-0d743a3601d5"},{"disabledPlans":[],"skuId":"b05e124f-c7cc-45a0-a6aa-8cf78c946968"},{"disabledPlans":["e95bec33-7c88-4a70-8e19-b10bd9d0c014","5dbe027f-2339-4123-9542-606e4d348a72"],"skuId":"09015f9f-377f-4538-bbb5-f75ceb09358a"},{"disabledPlans":[],"skuId":"488ba24a-39a9-4473-8ee5-19291e71b002"},{"disabledPlans":["0b03f40b-c404-40c3-8651-2aceb74365fa","b650d915-9886-424b-a08d-633cede56f57","e95bec33-7c88-4a70-8e19-b10bd9d0c014","5dbe027f-2339-4123-9542-606e4d348a72","fe71d6c3-a2ea-4499-9778-da042bf08063","fafd7243-e5c1-4a3a-9e40-495efcb1d3c3"],"skuId":"ea126fc5-a19e-42e2-a731-da9d437bffcf"}],"assignedPlans":[{"assignedTimestamp":"2020-07-26T08:53:26Z","capabilityStatus":"Enabled","service":"SharePoint","servicePlanId":"fe71d6c3-a2ea-4499-9778-da042bf08063"},{"assignedTimestamp":"2020-07-26T08:53:26Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"199a5c09-e0ca-4e37-8f7c-b05d533e1ea2"},{"assignedTimestamp":"2020-07-26T08:53:26Z","capabilityStatus":"Enabled","service":"SharePoint","servicePlanId":"e95bec33-7c88-4a70-8e19-b10bd9d0c014"},{"assignedTimestamp":"2020-07-26T08:53:26Z","capabilityStatus":"Enabled","service":"SharePoint","servicePlanId":"5dbe027f-2339-4123-9542-606e4d348a72"},{"assignedTimestamp":"2020-07-26T08:53:26Z","capabilityStatus":"Enabled","service":"MicrosoftOffice","servicePlanId":"fafd7243-e5c1-4a3a-9e40-495efcb1d3c3"},{"assignedTimestamp":"2020-06-18T16:18:34Z","capabilityStatus":"Enabled","service":"MicrosoftPrint","servicePlanId":"795f6fe0-cc4d-4773-b050-5dde4dc704c9"},{"assignedTimestamp":"2020-04-04T16:06:17Z","capabilityStatus":"Enabled","service":"MicrosoftCommunicationsOnline","servicePlanId":"018fb91e-cee3-418c-9063-d7562978bdaf"},{"assignedTimestamp":"2020-04-04T16:06:16Z","capabilityStatus":"Enabled","service":"MicrosoftCommunicationsOnline","servicePlanId":"ca4be917-fbce-4b52-839e-6647467a1668"},{"assignedTimestamp":"2020-04-03T23:33:35Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"9f431833-0334-42de-a7dc-70aa40db46db"},{"assignedTimestamp":"2020-04-03T23:33:35Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"efb87545-963c-4e0d-99df-69c6916d9eb0"},{"assignedTimestamp":"2020-04-03T23:33:35Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"34c0d7a0-a70f-4668-9238-47f9fc208882"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"MicrosoftCommunicationsOnline","servicePlanId":"0feaeb32-d00e-4d66-bd5a-43b5b83db82c"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"ProcessSimple","servicePlanId":"07699545-9485-468e-95b6-2fca3738be01"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"Adallom","servicePlanId":"8c098270-9dd4-4350-9b30-ba4703f3b36b"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"b1188c4c-1b36-4018-b48b-ee07604f6feb"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"MicrosoftStream","servicePlanId":"6c6042f5-6f01-4d67-b8c1-eb99d36eed3e"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"AADPremiumService","servicePlanId":"41781fb2-bc02-4b7c-bd55-b576c07bb09d"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"Sway","servicePlanId":"a23b959c-7ce8-4e57-9140-b90eb88a9e97"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"5136a095-5cf0-4aff-bec3-e84448b38ea5"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"PowerBI","servicePlanId":"70d33638-9c74-4d01-bfd3-562de28bd4ba"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"ProjectWorkManagement","servicePlanId":"b737dad2-2f6c-4c65-90e3-ca563267e8b9"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"RMSOnline","servicePlanId":"bea4c11e-220a-4e6d-8eb8-8ea15d019f90"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"AADPremiumService","servicePlanId":"eec0eb4f-6444-4f95-aba0-50c24d67f998"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"ProjectProgramsAndPortfolios","servicePlanId":"818523f5-016b-4355-9be8-ed6944946ea7"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"OfficeForms","servicePlanId":"e212cbc7-0961-4c40-9825-01117710dcb1"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"4de31727-a228-4ec3-a5bf-8e45b5ca48cc"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"SCO","servicePlanId":"c1ec4a95-1f05-45b3-a911-aa3fa01094f5"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"SharePoint","servicePlanId":"2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"MicrosoftOffice","servicePlanId":"663a804f-1c30-4ff0-9915-9db84f0d1cea"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"TeamspaceAPI","servicePlanId":"57ff2da0-773e-42df-b2af-ffb7a2317929"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"AzureAdvancedThreatAnalytics","servicePlanId":"14ab5db5-e6c4-4b20-b4bc-13e36fd2227f"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"PowerAppsService","servicePlanId":"9c0dab89-a30c-4117-86e7-97bda240acd2"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"efb0351d-3b08-4503-993d-383af8de41e3"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"SharePoint","servicePlanId":"da792a53-cbc0-4184-a10d-e544dd34b3c1"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"Deskless","servicePlanId":"8c7d2df8-86f0-4902-b2ed-a0458298f3b3"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"RMSOnline","servicePlanId":"6c57d4b6-3b23-47a5-9bc9-69f17b4947b3"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"MultiFactorService","servicePlanId":"8a256a2b-b617-496d-b51b-e76466e88db0"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"ProcessSimple","servicePlanId":"fa200448-008c-4acb-abd4-ea106ed2199d"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"To-Do","servicePlanId":"3fb82609-8c27-4f7b-bd51-30634711ee67"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"RMSOnline","servicePlanId":"5689bec4-755d-4753-8b61-40975025187c"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"YammerEnterprise","servicePlanId":"7547a3fe-08ee-4ccb-b430-5077c5041653"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"WhiteboardServices","servicePlanId":"4a51bca5-1eff-43f5-878c-177680f191af"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"MicrosoftOffice","servicePlanId":"43de0ff5-c92c-492b-9116-175376d08c38"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"CRM","servicePlanId":"50554c47-71d9-49fd-bc54-42a2765c555c"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"Adallom","servicePlanId":"2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2"},{"assignedTimestamp":"2020-04-02T22:13:18Z","capabilityStatus":"Enabled","service":"WindowsDefenderATP","servicePlanId":"871d91ec-ec1a-452b-a83f-bd76c7d770ef"},{"assignedTimestamp":"2020-04-02T22:13:18Z","capabilityStatus":"Enabled","service":"Windows","servicePlanId":"e7c91390-7625-45be-94e0-e16907e03118"},{"assignedTimestamp":"2020-04-02T22:13:17Z","capabilityStatus":"Enabled","service":"Netbreeze","servicePlanId":"03acaee3-9492-4f40-aed4-bcb6b32981b6"},{"assignedTimestamp":"2020-04-02T22:13:17Z","capabilityStatus":"Enabled","service":"DYN365AISERVICEINSIGHTS","servicePlanId":"1412cdc1-d593-4ad1-9050-40c30ad0b023"},{"assignedTimestamp":"2020-04-02T22:13:17Z","capabilityStatus":"Enabled","service":"CRM","servicePlanId":"d56f3deb-50d8-465a-bedb-f079817ccac1"},{"assignedTimestamp":"2020-04-02T22:13:17Z","capabilityStatus":"Enabled","service":"MicrosoftFormsProTest","servicePlanId":"97f29a83-1a20-44ff-bf48-5e4ad11f3e51"}],"city":"Beijing","companyName":"MICROSOFT - CHINA CO LTD","consentProvidedForMinor":null,"country":null,"createdDateTime":"2020-04-02T22:08:08Z","creationType":null,"department":"COGS - Data China - Cosmos","dirSyncEnabled":true,"displayName":"username Sun","employeeId":null,"facsimileTelephoneNumber":null,"givenName":"username","immutableId":"1362023","isCompromised":null,"jobTitle":"SOFTWARE - ENGINEER","lastDirSyncTime":"2020-07-11T14:19:07Z","legalAgeGroupClassification":null,"mail":"username.Sun@microsoft.com","mailNickname":"username","mobile":null,"onPremisesDistinguishedName":"CN=username - Sun,OU=UserAccounts,DC=fareast,DC=corp,DC=microsoft,DC=com","onPremisesSecurityIdentifier":"S-1-5-21-2146773085-903363285-719344707-2611871","otherMails":[],"passwordPolicies":"DisablePasswordExpiration","passwordProfile":null,"physicalDeliveryOfficeName":"BEIJING-BJW-1/Mobile","postalCode":null,"preferredLanguage":null,"provisionedPlans":[{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"SharePoint"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"SharePoint"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"SharePoint"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"MicrosoftCommunicationsOnline"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"MicrosoftCommunicationsOnline"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"CRM"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"MicrosoftCommunicationsOnline"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"SharePoint"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"SharePoint"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"CRM"}],"provisioningErrors":[],"proxyAddresses":["smtp:username@service.microsoft.com","SMTP:username.Sun@microsoft.com","smtp:username@microsoft.com","x500:/o=ExchangeLabs/ou=Exchange - Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=21fc8adf871949299627d16e1cfd00b9-username - Su","X500:/o=microsoft/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=f52eb0a1987547c3890c81ead532a38e-username - Sun","X500:/o=microsoft/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=0eb89b67c7094ea6a49396dcd00388d3-username - Sun","smtp:t-shasun@microsoft.onmicrosoft.com"],"refreshTokensValidFromDateTime":"2020-04-03T06:12:44Z","showInAddressList":null,"signInNames":[],"sipProxyAddress":"username@microsoft.com","state":null,"streetAddress":null,"surname":"Sun","telephoneNumber":"+86 - (10) 59175933","thumbnailPhoto@odata.mediaEditLink":"directoryObjects/6ae2ff4b-4939-4952-a097-d234aad383a3/Microsoft.DirectoryServices.User/thumbnailPhoto","usageLocation":"CN","userIdentities":[],"userPrincipalName":"username@microsoft.com","userState":null,"userStateChangedOn":null,"userType":"Member","extension_18e31482d3fb4a8ea958aa96b662f508_BuildingName":"MOBILE","extension_18e31482d3fb4a8ea958aa96b662f508_BuildingID":"99998","extension_18e31482d3fb4a8ea958aa96b662f508_ReportsToPersonnelNbr":"1251974","extension_18e31482d3fb4a8ea958aa96b662f508_ReportsToFullName":"Zhao, - Xue Shan","extension_18e31482d3fb4a8ea958aa96b662f508_ReportsToEmailName":"XUZHAO","extension_18e31482d3fb4a8ea958aa96b662f508_PositionNumber":"91975828","extension_18e31482d3fb4a8ea958aa96b662f508_SupervisorInd":"N","extension_18e31482d3fb4a8ea958aa96b662f508_ProfitCenterCode":"P10156563","extension_18e31482d3fb4a8ea958aa96b662f508_LocationAreaCode":"CN","extension_18e31482d3fb4a8ea958aa96b662f508_CostCenterCode":"10156563","extension_18e31482d3fb4a8ea958aa96b662f508_CompanyCode":"1107","extension_18e31482d3fb4a8ea958aa96b662f508_PersonnelNumber":"1362023"}]}' + string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[]}' headers: access-control-allow-origin: - '*' cache-control: - no-cache content-length: - - '14452' + - '121' content-type: - application/json; odata=minimalmetadata; streaming=true; charset=utf-8 dataserviceversion: - 3.0; date: - - Fri, 07 Aug 2020 06:43:22 GMT + - Tue, 06 Apr 2021 09:08:17 GMT duration: - - '2043445' + - '798597' expires: - '-1' ocp-aad-diagnostics-server-name: - - 2XmkqVQqJkY5lj2Rvn9U5aWHxrSJ2zkuKevGTice2Ws= + - FpjEHjARZKp18ny1QzxF33NAVs0Q9Cig+AbecwGdosw= ocp-aad-session-key: - - bU-R2q7x-B-za7hzvRflenVqOzNyWt6XEV8FBhvenGmL_MsWMbK6L7uoPoqLpa9cy6NNrUA2L-8cOA48UQmQTYNeKpTQlryuWIx6Qh2zZZjaPEDBo3X_pcnTkb9H8IWo.h_--uhiRTRBd5n2dDTlp9btw0IIHu_iUOKtLq8-IFlU + - MnEnr9EoX5xmsmn2D3zZe0x7ofxGFxSY0LolTZGOCvfd8q8b_YL5TgFyMV1AkMM8gaP-TJIQujlje2-P05v43JC6yFx6q3d69Q0I4LlGGWfUDguGfn-8E8P13UFG4WS5e4Dy0PL6_jj-1xY-RxEq3CXuuuSScMRqL6J_ZEJ5dHY.vlDwbOBEze7LG9_x_6iV-dMSn0dZhDLFzhsYYOdOd4M pragma: - no-cache request-id: - - 5e9973b0-cedb-43ba-a8c7-ce45c1e9b07f + - 83a8d978-45ae-4155-ae31-80dfa6b59589 strict-transport-security: - max-age=31536000; includeSubDomains x-aspnet-version: @@ -200,62 +342,94 @@ interactions: code: 200 message: OK - request: - body: '{"roleId": "7af0c69a-a548-47d6-aea3-d00e69bd83aa", "principalId": "6ae2ff4b-4939-4952-a097-d234aad383a3"}' + body: null headers: Accept: - application/json Accept-Encoding: - gzip, deflate + CommandName: + - synapse role assignment create Connection: - keep-alive - Content-Length: - - '105' - Content-Type: - - application/json + ParameterSetName: + - --workspace-name --role --assignee --assignment-id User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) - method: POST - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roleAssignments?api-version=2020-02-01-preview + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-graphrbac/0.60.0 Azure-SDK-For-Python AZURECLI/2.19.1 + accept-language: + - en-US + method: GET + uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/servicePrincipals?$filter=displayName%20eq%20%27testsynapsecli%27&api-version=1.6 response: body: - string: '{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"}' + string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[{"odata.type":"Microsoft.DirectoryServices.ServicePrincipal","objectType":"ServicePrincipal","objectId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","deletionTimestamp":null,"accountEnabled":true,"addIns":[],"alternativeNames":[],"appDisplayName":"testsynapsecli","appId":"2892a05c-cfc5-40ba-85e8-b25488116b0d","applicationTemplateId":null,"appOwnerTenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","appRoleAssignmentRequired":false,"appRoles":[],"displayName":"testsynapsecli","errorUrl":null,"homepage":null,"informationalUrls":{"termsOfService":null,"support":null,"privacy":null,"marketing":null},"keyCredentials":[],"logoutUrl":null,"notificationEmailAddresses":[],"oauth2Permissions":[],"passwordCredentials":[],"preferredSingleSignOnMode":null,"preferredTokenSigningKeyEndDateTime":null,"preferredTokenSigningKeyThumbprint":null,"publisherName":"Microsoft","replyUrls":[],"samlMetadataUrl":null,"samlSingleSignOnSettings":null,"servicePrincipalNames":["2892a05c-cfc5-40ba-85e8-b25488116b0d"],"servicePrincipalType":"Application","signInAudience":"AzureADMyOrg","tags":["HideApp","WindowsAzureActiveDirectoryIntegratedApp"],"tokenEncryptionKeyId":null}]}' headers: + access-control-allow-origin: + - '*' + cache-control: + - no-cache content-length: - - '183' + - '1272' content-type: - - application/json; charset=utf-8 + - application/json; odata=minimalmetadata; streaming=true; charset=utf-8 + dataserviceversion: + - 3.0; date: - - Fri, 07 Aug 2020 06:43:24 GMT - server: - - Microsoft-HTTPAPI/2.0 + - Tue, 06 Apr 2021 09:08:18 GMT + duration: + - '384068' + expires: + - '-1' + ocp-aad-diagnostics-server-name: + - HmlURCP0hd0bfE8X4kYTdRpT+3Kxnln+WZriJaSjRaU= + ocp-aad-session-key: + - VA8TjHuZxan3301w-71TkonnPK1nraLlf_EUJGV1jHkWsmeyu-bViqiIc3nESl9ta48qpxpfOxb08zfW5pilCkG2H7cslzj5aocFp9YNaotgbQw6jiJ-o6vgSTwAQNzr6pHDzSR5F8TQBMqq6kIjrMfARyq9PXkIYUW-X0cmNIQ.4WuRzNOCghDI6jAbX-UaD9vMXZj-SWHWvfp4WoF8udw + pragma: + - no-cache + request-id: + - 171b09f8-24f7-4a44-9e1d-70f87c4ef315 strict-transport-security: - max-age=31536000; includeSubDomains + x-aspnet-version: + - 4.0.30319 + x-ms-dirapi-data-contract-version: + - '1.6' + x-ms-resource-unit: + - '1' + x-powered-by: + - ASP.NET status: code: 200 message: OK - request: - body: null + body: '{"roleId": "7572bffe-f453-4b66-912a-46cc5ef38fda", "principalId": "829ae9c5-95e5-4e5b-9f8b-eca27e2cb501", + "scope": "workspaces/clitestsynapseworkspace"}' headers: Accept: - - application/json + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: - keep-alive + Content-Length: + - '152' + Content-Type: + - application/json User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) - method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roleAssignments/7af0c69a-a548-47d6-aea3-d00e69bd83aa-6ae2ff4b-4939-4952-a097-d234aad383a3?api-version=2020-02-01-preview + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleAssignments/0550e787-7841-4669-9ac8-a8176e900002?api-version=2020-08-01-preview response: body: - string: '{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"}' + string: '{"id":"0550e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace","principalType":"ServicePrincipal"}' headers: content-length: - - '183' + - '236' content-type: - application/json; charset=utf-8 date: - - Fri, 07 Aug 2020 06:43:25 GMT + - Tue, 06 Apr 2021 09:08:20 GMT server: - Microsoft-HTTPAPI/2.0 strict-transport-security: @@ -267,28 +441,67 @@ interactions: body: null headers: Accept: - - application/json + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: - keep-alive User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roles?api-version=2020-02-01-preview + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleDefinitions?api-version=2020-08-01-preview response: body: - string: '{"value":[{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","name":"Workspace - Admin","isBuiltIn":true},{"id":"c3a6d2f1-a26f-4810-9b0f-591308d5cbf1","name":"Apache - Spark Admin","isBuiltIn":true},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","name":"Sql - Admin","isBuiltIn":true}]}' + string: "[{\"name\":\"Synapse Administrator\",\"description\":\"Full Synapse + access to serverless SQL pools, Apache Spark pools and Integration runtimes.\_ + Includes create, read, update and delete access to all published code artifacts.\_ + Includes Compute Operator, Linked Data Manager, and Credential User permissions + on the workspace system identity credential.\_ Includes granting access.\_ + Azure permissions are required to create, delete, or manage compute resources.\u200B\",\"id\":\"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/roleAssignments/write\",\"Microsoft.Synapse/workspaces/roleAssignments/delete\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/write\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/delete\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/linkedServices/useSecret/action\",\"Microsoft.Synapse/workspaces/credentials/useSecret/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/idw/read\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Linked Data Manager\",\"description\":\"Creation and management of managed + private endpoints, linked services, and credentials.\u200B\",\"id\":\"dd665582-e433-40ca-b183-1b1b33e73375\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/write\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/delete\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Contributor\",\"description\":\"Full Synapse access to serverless SQL pools, + Apache Spark pools, Integration runtimes.\_ Includes create, read, update, + and delete access to all published code artifacts and their outputs, including + credentials and linked services.\_ Includes compute operator permissions. + Does not include permission to use credentials and run pipelines. Does not + include granting access.\u200B\",\"id\":\"7572bffe-f453-4b66-912a-46cc5ef38fda\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Artifact Publisher\",\"description\":\"Create, read, update, and delete access + to published code artifacts and their outputs. Does not include permission + to run code or pipelines, or to grant access.\_\u200B\",\"id\":\"05930f57-09a3-4c0d-9fa9-6d1eb91c178b\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Artifact User\",\"description\":\"Read access to published code artifacts + and their outputs. Can create new artifacts but cannot publish changes or + run code without additional permissions.\u200B\",\"id\":\"53faaa0e-40b6-40c8-a2ff-e38f2d388875\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Compute Operator\",\"description\":\"Submit Spark jobs and notebooks and view + logs.\_ Includes canceling Spark jobs submitted by any user. Requires additional + credential use permissions on the workspace system identity to run pipelines, + view pipeline runs and outputs.\u200B\",\"id\":\"e3844cc7-4670-42cb-9349-9bdac1ee7881\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Credential User\",\"description\":\"Runtime and configuration-time use of + secrets within credentials and linked services in activities like pipeline + runs. To run pipelines, this role is required, scoped to the workspace system + identity.\u200B\",\"id\":\"5eb298b4-692c-4241-9cf0-f58a3b42bb25\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/linkedServices/useSecret/action\",\"Microsoft.Synapse/workspaces/credentials/useSecret/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + User\",\"description\":\"List and view details of SQL pools, Apache Spark + pools, Integration runtimes, and published linked services and credentials.\_ + Does not include other published code artifacts.\_ Can create new artifacts + but cannot run or publish without additional permissions.\_\_\_\u200B\",\"id\":\"2a385764-43e8-416c-9825-7b18d05a2c4b\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Apache + Spark Administrator\",\"description\":\"Full Synapse access to Apache Spark + Pools.\_ Create, read, update, and delete access to published Spark job definitions, + notebooks, and their outputs, and to libraries, linked services and credentials.\_ + Includes read access to all other published code artifacts. Does not include + permission to use credentials and run pipelines. Does not include granting + access.\u200B\",\"id\":\"c3a6d2f1-a26f-4810-9b0f-591308d5cbf1\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + SQL Administrator\",\"description\":\"Full Synapse access to serverless SQL + pools.\_ Create, read, update, and delete access to published SQL scripts, + credentials and linked services.\_ Includes read access to all other published + code artifacts.\_ Does not include permission to use credentials and run pipelines. + Does not include granting access.\",\"id\":\"7af0c69a-a548-47d6-aea3-d00e69bd83aa\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"}]" headers: content-length: - - '272' + - '13874' content-type: - application/json; charset=utf-8 date: - - Fri, 07 Aug 2020 06:43:26 GMT + - Tue, 06 Apr 2021 09:08:20 GMT server: - Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 strict-transport-security: @@ -303,28 +516,57 @@ interactions: - application/json Accept-Encoding: - gzip, deflate + CommandName: + - synapse role assignment create Connection: - keep-alive + ParameterSetName: + - --workspace-name --role --assignee --item-type --item --assignment-id User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-graphrbac/0.60.0 Azure-SDK-For-Python AZURECLI/2.19.1 + accept-language: + - en-US method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roleAssignments?api-version=2020-02-01-preview&roleId=7af0c69a-a548-47d6-aea3-d00e69bd83aa + uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/users?$filter=userPrincipalName%20eq%20%27testsynapsecli%27%20or%20mail%20eq%20%27testsynapsecli%27%20or%20displayName%20eq%20%27testsynapsecli%27&api-version=1.6 response: body: - string: '[{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-23a9b13a-a58b-4d8e-a58a-ff4c351fae61","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"23a9b13a-a58b-4d8e-a58a-ff4c351fae61"},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"}]' + string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[]}' headers: + access-control-allow-origin: + - '*' + cache-control: + - no-cache content-length: - - '369' + - '121' content-type: - - application/json; charset=utf-8 + - application/json; odata=minimalmetadata; streaming=true; charset=utf-8 + dataserviceversion: + - 3.0; date: - - Fri, 07 Aug 2020 06:43:26 GMT - server: - - Microsoft-HTTPAPI/2.0 + - Tue, 06 Apr 2021 09:08:21 GMT + duration: + - '399526' + expires: + - '-1' + ocp-aad-diagnostics-server-name: + - /pI+VV+txf1gAMU6qEfmWCRcN5xi8TqVVw7wHR1MQ3M= + ocp-aad-session-key: + - v8kWb1P15c6akiqRP0S0TtEos9-1bqfaGudA3pAVaEM4tbktN6X8eTzACQAzb_uT8L8rvS5Img1yZZl7CZQMudhPjwmvWdeo3fXrqbbSjCCKVXOO9F7KpCoNS9QY9oLOYnaAjmdN8pbr879J50qKOAiICSMYAp2o6SBTcgf61Jo.gjNbz4ffnGUHyDGLFKKAKpfVZiW5KmYK4nhgkz-83PI + pragma: + - no-cache + request-id: + - b35d34a2-5882-451a-9423-8b1c15ac008f strict-transport-security: - max-age=31536000; includeSubDomains - x-ms-continuation: - - '' + x-aspnet-version: + - 4.0.30319 + x-ms-dirapi-data-contract-version: + - '1.6' + x-ms-resource-unit: + - '2' + x-powered-by: + - ASP.NET status: code: 200 message: OK @@ -336,56 +578,46 @@ interactions: Accept-Encoding: - gzip, deflate CommandName: - - synapse role assignment list + - synapse role assignment create Connection: - keep-alive ParameterSetName: - - --workspace-name --assignee + - --workspace-name --role --assignee --item-type --item --assignment-id User-Agent: - - python/3.7.8 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.3 azure-graphrbac/0.60.0 - Azure-SDK-For-Python AZURECLI/2.10.0 + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-graphrbac/0.60.0 Azure-SDK-For-Python AZURECLI/2.19.1 accept-language: - en-US method: GET - uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/users?$filter=userPrincipalName%20eq%20%27username%40microsoft.com%27&api-version=1.6 + uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/servicePrincipals?$filter=displayName%20eq%20%27testsynapsecli%27&api-version=1.6 response: body: - string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[{"odata.type":"Microsoft.DirectoryServices.User","objectType":"User","objectId":"6ae2ff4b-4939-4952-a097-d234aad383a3","deletionTimestamp":null,"accountEnabled":true,"ageGroup":null,"assignedLicenses":[{"disabledPlans":["b21a6b06-1988-436e-a07b-51ec6d9f52ad","531ee2f8-b1cb-453b-9c21-d2180d014ca5","bf28f719-7844-4079-9c78-c1307898e192","28b0fa46-c39a-4188-89e2-58e979a6b014","199a5c09-e0ca-4e37-8f7c-b05d533e1ea2","65cc641f-cccd-4643-97e0-a17e3045e541","e26c2fcc-ab91-4a61-b35c-03cdc8dddf66","46129a58-a698-46f0-aa5b-17f6586297d9","6db1f1db-2b46-403f-be40-e39395f08dbb","6dc145d6-95dd-4191-b9c3-185575ee6f6b","41fcdd7d-4733-4863-9cf4-c65b83ce2df4","2f442157-a11c-46b9-ae5b-6e39ff4e5849","c4801e8a-cb58-4c35-aca6-f2dcc106f287","0898bdbb-73b0-471a-81e5-20f1fe4dd66e","617b097b-4b93-4ede-83de-5f075bb5fb2f","33c4f319-9bdd-48d6-9c4d-410b750a4a5a","8e0c0a52-6a6c-4d40-8370-dd62790dcd70","4828c8ec-dc2e-4779-b502-87ac9ce28ab7","3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40"],"skuId":"c7df2760-2c81-4ef7-b578-5b5392b571df"},{"disabledPlans":[],"skuId":"9f3d9c1d-25a5-4aaa-8e59-23a1e6450a67"},{"disabledPlans":[],"skuId":"26a18e8f-4d14-46f8-835a-ed3ba424a961"},{"disabledPlans":[],"skuId":"412ce1a7-a499-41b3-8eb6-b38f2bbc5c3f"},{"disabledPlans":["39b5c996-467e-4e60-bd62-46066f572726"],"skuId":"90d8b3f8-712e-4f7b-aa1e-62e7ae6cbe96"},{"disabledPlans":[],"skuId":"c5928f49-12ba-48f7-ada3-0d743a3601d5"},{"disabledPlans":[],"skuId":"b05e124f-c7cc-45a0-a6aa-8cf78c946968"},{"disabledPlans":["e95bec33-7c88-4a70-8e19-b10bd9d0c014","5dbe027f-2339-4123-9542-606e4d348a72"],"skuId":"09015f9f-377f-4538-bbb5-f75ceb09358a"},{"disabledPlans":[],"skuId":"488ba24a-39a9-4473-8ee5-19291e71b002"},{"disabledPlans":["0b03f40b-c404-40c3-8651-2aceb74365fa","b650d915-9886-424b-a08d-633cede56f57","e95bec33-7c88-4a70-8e19-b10bd9d0c014","5dbe027f-2339-4123-9542-606e4d348a72","fe71d6c3-a2ea-4499-9778-da042bf08063","fafd7243-e5c1-4a3a-9e40-495efcb1d3c3"],"skuId":"ea126fc5-a19e-42e2-a731-da9d437bffcf"}],"assignedPlans":[{"assignedTimestamp":"2020-07-26T08:53:26Z","capabilityStatus":"Enabled","service":"SharePoint","servicePlanId":"fe71d6c3-a2ea-4499-9778-da042bf08063"},{"assignedTimestamp":"2020-07-26T08:53:26Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"199a5c09-e0ca-4e37-8f7c-b05d533e1ea2"},{"assignedTimestamp":"2020-07-26T08:53:26Z","capabilityStatus":"Enabled","service":"SharePoint","servicePlanId":"e95bec33-7c88-4a70-8e19-b10bd9d0c014"},{"assignedTimestamp":"2020-07-26T08:53:26Z","capabilityStatus":"Enabled","service":"SharePoint","servicePlanId":"5dbe027f-2339-4123-9542-606e4d348a72"},{"assignedTimestamp":"2020-07-26T08:53:26Z","capabilityStatus":"Enabled","service":"MicrosoftOffice","servicePlanId":"fafd7243-e5c1-4a3a-9e40-495efcb1d3c3"},{"assignedTimestamp":"2020-06-18T16:18:34Z","capabilityStatus":"Enabled","service":"MicrosoftPrint","servicePlanId":"795f6fe0-cc4d-4773-b050-5dde4dc704c9"},{"assignedTimestamp":"2020-04-04T16:06:17Z","capabilityStatus":"Enabled","service":"MicrosoftCommunicationsOnline","servicePlanId":"018fb91e-cee3-418c-9063-d7562978bdaf"},{"assignedTimestamp":"2020-04-04T16:06:16Z","capabilityStatus":"Enabled","service":"MicrosoftCommunicationsOnline","servicePlanId":"ca4be917-fbce-4b52-839e-6647467a1668"},{"assignedTimestamp":"2020-04-03T23:33:35Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"9f431833-0334-42de-a7dc-70aa40db46db"},{"assignedTimestamp":"2020-04-03T23:33:35Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"efb87545-963c-4e0d-99df-69c6916d9eb0"},{"assignedTimestamp":"2020-04-03T23:33:35Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"34c0d7a0-a70f-4668-9238-47f9fc208882"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"MicrosoftCommunicationsOnline","servicePlanId":"0feaeb32-d00e-4d66-bd5a-43b5b83db82c"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"ProcessSimple","servicePlanId":"07699545-9485-468e-95b6-2fca3738be01"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"Adallom","servicePlanId":"8c098270-9dd4-4350-9b30-ba4703f3b36b"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"b1188c4c-1b36-4018-b48b-ee07604f6feb"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"MicrosoftStream","servicePlanId":"6c6042f5-6f01-4d67-b8c1-eb99d36eed3e"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"AADPremiumService","servicePlanId":"41781fb2-bc02-4b7c-bd55-b576c07bb09d"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"Sway","servicePlanId":"a23b959c-7ce8-4e57-9140-b90eb88a9e97"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"5136a095-5cf0-4aff-bec3-e84448b38ea5"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"PowerBI","servicePlanId":"70d33638-9c74-4d01-bfd3-562de28bd4ba"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"ProjectWorkManagement","servicePlanId":"b737dad2-2f6c-4c65-90e3-ca563267e8b9"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"RMSOnline","servicePlanId":"bea4c11e-220a-4e6d-8eb8-8ea15d019f90"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"AADPremiumService","servicePlanId":"eec0eb4f-6444-4f95-aba0-50c24d67f998"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"ProjectProgramsAndPortfolios","servicePlanId":"818523f5-016b-4355-9be8-ed6944946ea7"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"OfficeForms","servicePlanId":"e212cbc7-0961-4c40-9825-01117710dcb1"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"4de31727-a228-4ec3-a5bf-8e45b5ca48cc"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"SCO","servicePlanId":"c1ec4a95-1f05-45b3-a911-aa3fa01094f5"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"SharePoint","servicePlanId":"2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"MicrosoftOffice","servicePlanId":"663a804f-1c30-4ff0-9915-9db84f0d1cea"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"TeamspaceAPI","servicePlanId":"57ff2da0-773e-42df-b2af-ffb7a2317929"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"AzureAdvancedThreatAnalytics","servicePlanId":"14ab5db5-e6c4-4b20-b4bc-13e36fd2227f"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"PowerAppsService","servicePlanId":"9c0dab89-a30c-4117-86e7-97bda240acd2"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"exchange","servicePlanId":"efb0351d-3b08-4503-993d-383af8de41e3"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"SharePoint","servicePlanId":"da792a53-cbc0-4184-a10d-e544dd34b3c1"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"Deskless","servicePlanId":"8c7d2df8-86f0-4902-b2ed-a0458298f3b3"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"RMSOnline","servicePlanId":"6c57d4b6-3b23-47a5-9bc9-69f17b4947b3"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"MultiFactorService","servicePlanId":"8a256a2b-b617-496d-b51b-e76466e88db0"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"ProcessSimple","servicePlanId":"fa200448-008c-4acb-abd4-ea106ed2199d"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"To-Do","servicePlanId":"3fb82609-8c27-4f7b-bd51-30634711ee67"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"RMSOnline","servicePlanId":"5689bec4-755d-4753-8b61-40975025187c"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"YammerEnterprise","servicePlanId":"7547a3fe-08ee-4ccb-b430-5077c5041653"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"WhiteboardServices","servicePlanId":"4a51bca5-1eff-43f5-878c-177680f191af"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"MicrosoftOffice","servicePlanId":"43de0ff5-c92c-492b-9116-175376d08c38"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"CRM","servicePlanId":"50554c47-71d9-49fd-bc54-42a2765c555c"},{"assignedTimestamp":"2020-04-03T07:19:37Z","capabilityStatus":"Enabled","service":"Adallom","servicePlanId":"2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2"},{"assignedTimestamp":"2020-04-02T22:13:18Z","capabilityStatus":"Enabled","service":"WindowsDefenderATP","servicePlanId":"871d91ec-ec1a-452b-a83f-bd76c7d770ef"},{"assignedTimestamp":"2020-04-02T22:13:18Z","capabilityStatus":"Enabled","service":"Windows","servicePlanId":"e7c91390-7625-45be-94e0-e16907e03118"},{"assignedTimestamp":"2020-04-02T22:13:17Z","capabilityStatus":"Enabled","service":"Netbreeze","servicePlanId":"03acaee3-9492-4f40-aed4-bcb6b32981b6"},{"assignedTimestamp":"2020-04-02T22:13:17Z","capabilityStatus":"Enabled","service":"DYN365AISERVICEINSIGHTS","servicePlanId":"1412cdc1-d593-4ad1-9050-40c30ad0b023"},{"assignedTimestamp":"2020-04-02T22:13:17Z","capabilityStatus":"Enabled","service":"CRM","servicePlanId":"d56f3deb-50d8-465a-bedb-f079817ccac1"},{"assignedTimestamp":"2020-04-02T22:13:17Z","capabilityStatus":"Enabled","service":"MicrosoftFormsProTest","servicePlanId":"97f29a83-1a20-44ff-bf48-5e4ad11f3e51"}],"city":"Beijing","companyName":"MICROSOFT - CHINA CO LTD","consentProvidedForMinor":null,"country":null,"createdDateTime":"2020-04-02T22:08:08Z","creationType":null,"department":"COGS - Data China - Cosmos","dirSyncEnabled":true,"displayName":"username Sun","employeeId":null,"facsimileTelephoneNumber":null,"givenName":"username","immutableId":"1362023","isCompromised":null,"jobTitle":"SOFTWARE - ENGINEER","lastDirSyncTime":"2020-07-11T14:19:07Z","legalAgeGroupClassification":null,"mail":"username.Sun@microsoft.com","mailNickname":"username","mobile":null,"onPremisesDistinguishedName":"CN=username - Sun,OU=UserAccounts,DC=fareast,DC=corp,DC=microsoft,DC=com","onPremisesSecurityIdentifier":"S-1-5-21-2146773085-903363285-719344707-2611871","otherMails":[],"passwordPolicies":"DisablePasswordExpiration","passwordProfile":null,"physicalDeliveryOfficeName":"BEIJING-BJW-1/Mobile","postalCode":null,"preferredLanguage":null,"provisionedPlans":[{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"SharePoint"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"SharePoint"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"SharePoint"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"MicrosoftCommunicationsOnline"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"MicrosoftCommunicationsOnline"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"exchange"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"CRM"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"MicrosoftCommunicationsOnline"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"SharePoint"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"SharePoint"},{"capabilityStatus":"Enabled","provisioningStatus":"Success","service":"CRM"}],"provisioningErrors":[],"proxyAddresses":["smtp:username@service.microsoft.com","SMTP:username.Sun@microsoft.com","smtp:username@microsoft.com","x500:/o=ExchangeLabs/ou=Exchange - Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=21fc8adf871949299627d16e1cfd00b9-username - Su","X500:/o=microsoft/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=f52eb0a1987547c3890c81ead532a38e-username - Sun","X500:/o=microsoft/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=0eb89b67c7094ea6a49396dcd00388d3-username - Sun","smtp:t-shasun@microsoft.onmicrosoft.com"],"refreshTokensValidFromDateTime":"2020-04-03T06:12:44Z","showInAddressList":null,"signInNames":[],"sipProxyAddress":"username@microsoft.com","state":null,"streetAddress":null,"surname":"Sun","telephoneNumber":"+86 - (10) 59175933","thumbnailPhoto@odata.mediaEditLink":"directoryObjects/6ae2ff4b-4939-4952-a097-d234aad383a3/Microsoft.DirectoryServices.User/thumbnailPhoto","usageLocation":"CN","userIdentities":[],"userPrincipalName":"username@microsoft.com","userState":null,"userStateChangedOn":null,"userType":"Member","extension_18e31482d3fb4a8ea958aa96b662f508_BuildingName":"MOBILE","extension_18e31482d3fb4a8ea958aa96b662f508_BuildingID":"99998","extension_18e31482d3fb4a8ea958aa96b662f508_ReportsToPersonnelNbr":"1251974","extension_18e31482d3fb4a8ea958aa96b662f508_ReportsToFullName":"Zhao, - Xue Shan","extension_18e31482d3fb4a8ea958aa96b662f508_ReportsToEmailName":"XUZHAO","extension_18e31482d3fb4a8ea958aa96b662f508_PositionNumber":"91975828","extension_18e31482d3fb4a8ea958aa96b662f508_SupervisorInd":"N","extension_18e31482d3fb4a8ea958aa96b662f508_ProfitCenterCode":"P10156563","extension_18e31482d3fb4a8ea958aa96b662f508_LocationAreaCode":"CN","extension_18e31482d3fb4a8ea958aa96b662f508_CostCenterCode":"10156563","extension_18e31482d3fb4a8ea958aa96b662f508_CompanyCode":"1107","extension_18e31482d3fb4a8ea958aa96b662f508_PersonnelNumber":"1362023"}]}' + string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[{"odata.type":"Microsoft.DirectoryServices.ServicePrincipal","objectType":"ServicePrincipal","objectId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","deletionTimestamp":null,"accountEnabled":true,"addIns":[],"alternativeNames":[],"appDisplayName":"testsynapsecli","appId":"2892a05c-cfc5-40ba-85e8-b25488116b0d","applicationTemplateId":null,"appOwnerTenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","appRoleAssignmentRequired":false,"appRoles":[],"displayName":"testsynapsecli","errorUrl":null,"homepage":null,"informationalUrls":{"termsOfService":null,"support":null,"privacy":null,"marketing":null},"keyCredentials":[],"logoutUrl":null,"notificationEmailAddresses":[],"oauth2Permissions":[],"passwordCredentials":[],"preferredSingleSignOnMode":null,"preferredTokenSigningKeyEndDateTime":null,"preferredTokenSigningKeyThumbprint":null,"publisherName":"Microsoft","replyUrls":[],"samlMetadataUrl":null,"samlSingleSignOnSettings":null,"servicePrincipalNames":["2892a05c-cfc5-40ba-85e8-b25488116b0d"],"servicePrincipalType":"Application","signInAudience":"AzureADMyOrg","tags":["HideApp","WindowsAzureActiveDirectoryIntegratedApp"],"tokenEncryptionKeyId":null}]}' headers: access-control-allow-origin: - '*' cache-control: - no-cache content-length: - - '14452' + - '1272' content-type: - application/json; odata=minimalmetadata; streaming=true; charset=utf-8 dataserviceversion: - 3.0; date: - - Fri, 07 Aug 2020 06:43:27 GMT + - Tue, 06 Apr 2021 09:08:23 GMT duration: - - '842243' + - '411008' expires: - '-1' ocp-aad-diagnostics-server-name: - - 2XmkqVQqJkY5lj2Rvn9U5aWHxrSJ2zkuKevGTice2Ws= + - 32nbQkfBCJ6nGVZl34q0Ikv/IU1IXH9AncOJAv2FPQc= ocp-aad-session-key: - - D_cHLEEAgGqCXgv32Mul6hOoPMc10Pfuj_mCOfw1BiA53uasJwfGSkZLVJl_j1PFj5PLqqBU7JPzbQaa-2ZwUTWimB19Az8ftokAAHzcLr3W3fUtc79LxnDOX4XACd6r.P0qnUz2_RdnQ-30809OWyCf_I6xbnNPB3BCqz3GcrTc + - 1rItlAlvgqDYngkD8b1z135PchMn4oUFGkOc2enI794qGk-X3Nl3Y9f8CJfzsa8obs7r8xg6ydzxnkDpMwG2X6hoIgFKWKCUWflWqsGjOHSGGGfyv5KlIV05RotYz1NFZcObDcPQYFwa_gnWOUMxWVrqSkociKIT1vz8OyPuy9U.j7hEmnQvBUkr4zDVDIx4L8Uk7-axyHerRNH_Sfe3dfI pragma: - no-cache request-id: - - 6a78d8c0-57b3-4370-aded-c853abf921b3 + - d5ed9abd-bc89-4fa7-b5a8-8e937553e01c strict-transport-security: - max-age=31536000; includeSubDomains x-aspnet-version: @@ -393,35 +625,172 @@ interactions: x-ms-dirapi-data-contract-version: - '1.6' x-ms-resource-unit: - - '2' + - '1' x-powered-by: - ASP.NET status: code: 200 message: OK - request: - body: null + body: '{"roleId": "7572bffe-f453-4b66-912a-46cc5ef38fda", "principalId": "829ae9c5-95e5-4e5b-9f8b-eca27e2cb501", + "scope": "workspaces/clitestsynapseworkspace/bigDataPools/testitem"}' headers: Accept: + - application/json, text/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + Content-Length: + - '174' + Content-Type: - application/json + User-Agent: + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleAssignments/0333e787-7841-4669-9ac8-a8176e900002?api-version=2020-08-01-preview + response: + body: + string: '{"id":"0333e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace/bigDataPools/testitem","principalType":"ServicePrincipal"}' + headers: + content-length: + - '258' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Apr 2021 09:08:25 GMT + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: - keep-alive User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roleAssignments?api-version=2020-02-01-preview&principalId=6ae2ff4b-4939-4952-a097-d234aad383a3 + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleAssignments/0550e787-7841-4669-9ac8-a8176e900002?api-version=2020-08-01-preview response: body: - string: '[{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"},{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78-e64a6f06-c0ef-4564-ab5d-ac006d710db5","roleId":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","principalId":"e64a6f06-c0ef-4564-ab5d-ac006d710db5"},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-23a9b13a-a58b-4d8e-a58a-ff4c351fae61","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"23a9b13a-a58b-4d8e-a58a-ff4c351fae61"},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"}]' + string: '{"id":"0550e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace","principalType":"ServicePrincipal"}' headers: content-length: - - '737' + - '236' content-type: - application/json; charset=utf-8 date: - - Fri, 07 Aug 2020 06:43:28 GMT + - Tue, 06 Apr 2021 09:08:26 GMT + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json, text/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleDefinitions?api-version=2020-08-01-preview + response: + body: + string: "[{\"name\":\"Synapse Administrator\",\"description\":\"Full Synapse + access to serverless SQL pools, Apache Spark pools and Integration runtimes.\_ + Includes create, read, update and delete access to all published code artifacts.\_ + Includes Compute Operator, Linked Data Manager, and Credential User permissions + on the workspace system identity credential.\_ Includes granting access.\_ + Azure permissions are required to create, delete, or manage compute resources.\u200B\",\"id\":\"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/roleAssignments/write\",\"Microsoft.Synapse/workspaces/roleAssignments/delete\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/write\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/delete\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/linkedServices/useSecret/action\",\"Microsoft.Synapse/workspaces/credentials/useSecret/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/idw/read\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Linked Data Manager\",\"description\":\"Creation and management of managed + private endpoints, linked services, and credentials.\u200B\",\"id\":\"dd665582-e433-40ca-b183-1b1b33e73375\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/write\",\"Microsoft.Synapse/workspaces/managedPrivateEndpoints/delete\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Contributor\",\"description\":\"Full Synapse access to serverless SQL pools, + Apache Spark pools, Integration runtimes.\_ Includes create, read, update, + and delete access to all published code artifacts and their outputs, including + credentials and linked services.\_ Includes compute operator permissions. + Does not include permission to use credentials and run pipelines. Does not + include granting access.\u200B\",\"id\":\"7572bffe-f453-4b66-912a-46cc5ef38fda\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Artifact Publisher\",\"description\":\"Create, read, update, and delete access + to published code artifacts and their outputs. Does not include permission + to run code or pipelines, or to grant access.\_\u200B\",\"id\":\"05930f57-09a3-4c0d-9fa9-6d1eb91c178b\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/dataFlows/write\",\"Microsoft.Synapse/workspaces/pipelines/write\",\"Microsoft.Synapse/workspaces/triggers/write\",\"Microsoft.Synapse/workspaces/datasets/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/dataFlows/delete\",\"Microsoft.Synapse/workspaces/pipelines/delete\",\"Microsoft.Synapse/workspaces/triggers/delete\",\"Microsoft.Synapse/workspaces/datasets/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/kqlScripts/write\",\"Microsoft.Synapse/workspaces/kqlScripts/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Artifact User\",\"description\":\"Read access to published code artifacts + and their outputs. Can create new artifacts but cannot publish changes or + run code without additional permissions.\u200B\",\"id\":\"53faaa0e-40b6-40c8-a2ff-e38f2d388875\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\",\"Microsoft.Synapse/workspaces/pipelines/viewOutputs/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Compute Operator\",\"description\":\"Submit Spark jobs and notebooks and view + logs.\_ Includes canceling Spark jobs submitted by any user. Requires additional + credential use permissions on the workspace system identity to run pipelines, + view pipeline runs and outputs.\u200B\",\"id\":\"e3844cc7-4670-42cb-9349-9bdac1ee7881\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/scopePools/useCompute/action\",\"Microsoft.Synapse/workspaces/scopePools/viewLogs/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/useCompute/action\",\"Microsoft.Synapse/workspaces/integrationRuntimes/viewLogs/action\",\"Microsoft.Synapse/workspaces/cancelPipelineRun/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + Credential User\",\"description\":\"Runtime and configuration-time use of + secrets within credentials and linked services in activities like pipeline + runs. To run pipelines, this role is required, scoped to the workspace system + identity.\u200B\",\"id\":\"5eb298b4-692c-4241-9cf0-f58a3b42bb25\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/linkedServices/useSecret/action\",\"Microsoft.Synapse/workspaces/credentials/useSecret/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + User\",\"description\":\"List and view details of SQL pools, Apache Spark + pools, Integration runtimes, and published linked services and credentials.\_ + Does not include other published code artifacts.\_ Can create new artifacts + but cannot run or publish without additional permissions.\_\_\_\u200B\",\"id\":\"2a385764-43e8-416c-9825-7b18d05a2c4b\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\",\"workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}\",\"workspaces/{workspaceName}/scopePools/{scopePoolName}\",\"workspaces/{workspaceName}/integrationRuntimes/{integrationRuntimeName}\",\"workspaces/{workspaceName}/linkedServices/{linkedServiceName}\",\"workspaces/{workspaceName}/credentials/{credentialName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Apache + Spark Administrator\",\"description\":\"Full Synapse access to Apache Spark + Pools.\_ Create, read, update, and delete access to published Spark job definitions, + notebooks, and their outputs, and to libraries, linked services and credentials.\_ + Includes read access to all other published code artifacts. Does not include + permission to use credentials and run pipelines. Does not include granting + access.\u200B\",\"id\":\"c3a6d2f1-a26f-4810-9b0f-591308d5cbf1\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/bigDataPools/useCompute/action\",\"Microsoft.Synapse/workspaces/bigDataPools/viewLogs/action\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/notebooks/write\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/notebooks/delete\",\"Microsoft.Synapse/workspaces/sparkJobDefinitions/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\",\"Microsoft.Synapse/workspaces/libraries/delete\",\"Microsoft.Synapse/workspaces/libraries/write\",\"Microsoft.Synapse/workspaces/notebooks/viewOutputs/action\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"},{\"name\":\"Synapse + SQL Administrator\",\"description\":\"Full Synapse access to serverless SQL + pools.\_ Create, read, update, and delete access to published SQL scripts, + credentials and linked services.\_ Includes read access to all other published + code artifacts.\_ Does not include permission to use credentials and run pipelines. + Does not include granting access.\",\"id\":\"7af0c69a-a548-47d6-aea3-d00e69bd83aa\",\"isBuiltIn\":true,\"permissions\":[{\"actions\":[],\"notActions\":[],\"dataActions\":[\"Microsoft.Synapse/workspaces/read\",\"Microsoft.Synapse/workspaces/artifacts/read\",\"Microsoft.Synapse/workspaces/sqlScripts/write\",\"Microsoft.Synapse/workspaces/linkedServices/write\",\"Microsoft.Synapse/workspaces/credentials/write\",\"Microsoft.Synapse/workspaces/sqlScripts/delete\",\"Microsoft.Synapse/workspaces/linkedServices/delete\",\"Microsoft.Synapse/workspaces/credentials/delete\"],\"notDataActions\":[]}],\"scopes\":[\"workspaces/{workspaceName}\"],\"availabilityStatus\":\"Available\"}]" + headers: + content-length: + - '13874' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Apr 2021 09:08:27 GMT + server: + - Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json, text/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleAssignments?api-version=2020-08-01-preview&roleId=7572bffe-f453-4b66-912a-46cc5ef38fda&scope=workspaces%2Fclitestsynapseworkspace%2FbigDataPools%2Ftestitem + response: + body: + string: '{"count":2,"value":[{"id":"0550e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace","principalType":"ServicePrincipal"},{"id":"0333e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace/bigDataPools/testitem","principalType":"ServicePrincipal"}]}' + headers: + content-length: + - '517' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Apr 2021 09:08:28 GMT server: - Microsoft-HTTPAPI/2.0 strict-transport-security: @@ -445,44 +814,40 @@ interactions: ParameterSetName: - --workspace-name --assignee User-Agent: - - python/3.7.8 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.3 azure-graphrbac/0.60.0 - Azure-SDK-For-Python AZURECLI/2.10.0 + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-graphrbac/0.60.0 Azure-SDK-For-Python AZURECLI/2.19.1 accept-language: - en-US method: GET - uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/servicePrincipals?$filter=servicePrincipalNames%2Fany%28c%3Ac%20eq%20%27http%3A%2F%2Fusername-sp%27%29&api-version=1.6 + uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/users?$filter=userPrincipalName%20eq%20%27testsynapsecli%27%20or%20mail%20eq%20%27testsynapsecli%27%20or%20displayName%20eq%20%27testsynapsecli%27&api-version=1.6 response: body: - string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[{"odata.type":"Microsoft.DirectoryServices.ServicePrincipal","objectType":"ServicePrincipal","objectId":"23a9b13a-a58b-4d8e-a58a-ff4c351fae61","deletionTimestamp":null,"accountEnabled":true,"addIns":[],"alternativeNames":[],"appDisplayName":"username-sp","appId":"f14b9779-ec77-4b91-bdac-043b8336d101","applicationTemplateId":null,"appOwnerTenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","appRoleAssignmentRequired":false,"appRoles":[],"displayName":"username-sp","errorUrl":null,"homepage":"https://username-sp","informationalUrls":{"termsOfService":null,"support":null,"privacy":null,"marketing":null},"keyCredentials":[],"logoutUrl":null,"notificationEmailAddresses":[],"oauth2Permissions":[{"adminConsentDescription":"Allow - the application to access username-sp on behalf of the signed-in user.","adminConsentDisplayName":"Access - username-sp","id":"3edfc4af-7c63-40ef-9b8b-2a57cc936c95","isEnabled":true,"type":"User","userConsentDescription":"Allow - the application to access username-sp on your behalf.","userConsentDisplayName":"Access - username-sp","value":"user_impersonation"}],"passwordCredentials":[],"preferredSingleSignOnMode":null,"preferredTokenSigningKeyEndDateTime":null,"preferredTokenSigningKeyThumbprint":null,"publisherName":"Microsoft","replyUrls":[],"samlMetadataUrl":null,"samlSingleSignOnSettings":null,"servicePrincipalNames":["http://username-sp","f14b9779-ec77-4b91-bdac-043b8336d101"],"servicePrincipalType":"Application","signInAudience":"AzureADMyOrg","tags":[],"tokenEncryptionKeyId":null}]}' + string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[]}' headers: access-control-allow-origin: - '*' cache-control: - no-cache content-length: - - '1642' + - '121' content-type: - application/json; odata=minimalmetadata; streaming=true; charset=utf-8 dataserviceversion: - 3.0; date: - - Fri, 07 Aug 2020 06:43:29 GMT + - Tue, 06 Apr 2021 09:08:28 GMT duration: - - '727967' + - '297387' expires: - '-1' ocp-aad-diagnostics-server-name: - - yNxF7jtBFji9Zz1ptLqQU8zb7jlwoBwdwoVfyfCK7o0= + - whfiGy3GprkCoOpu5w7NkcspW3omDTOlysFQ3LdPX+0= ocp-aad-session-key: - - GnNviRM6ikcqBfuEruTkYU8huh1-M9kxs9aK4hrwdF2CSkCoTUlCyR22KeUNx9c-GKRtJz7xFojHF6SB_oiiDUZ6A_rXC_42kdbqjnMYECG0Qc6tnkPLcwKSXX4Rnw9M.wl37r6pYsCqJznffvA74Thxw8Be0HgG3YmeWMS_u5bQ + - su-bnrd01H09Rc9OtwUeOKnxe1p6sYgNbPa2z2NATdqb41GZXic0Of3Jr9O-RBh3SkT21RXcFoRIu0iW-pTw8waKOqvRZMMzRIs3E-ih27zW3ENV6Mkpbu0PldCCfwYlcCHagX0gFOSoET1xAQ20yzPhTdwP3x_0wB7ZENGX6FI.qbu95UCo4ZXaHgZE8eGKYgOFory2NICfa4SHI2zdjoo pragma: - no-cache request-id: - - 542c2e79-5f35-48da-b54f-2cfe48d6f586 + - c8f6901b-79c8-479e-88b9-1d3f3d84ad00 strict-transport-security: - max-age=31536000; includeSubDomains x-aspnet-version: @@ -490,44 +855,12 @@ interactions: x-ms-dirapi-data-contract-version: - '1.6' x-ms-resource-unit: - - '1' + - '2' x-powered-by: - ASP.NET status: code: 200 message: OK -- request: - body: null - headers: - Accept: - - application/json - Accept-Encoding: - - gzip, deflate - Connection: - - keep-alive - User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) - method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roleAssignments?api-version=2020-02-01-preview&principalId=23a9b13a-a58b-4d8e-a58a-ff4c351fae61 - response: - body: - string: '[{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"},{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78-e64a6f06-c0ef-4564-ab5d-ac006d710db5","roleId":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","principalId":"e64a6f06-c0ef-4564-ab5d-ac006d710db5"},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-23a9b13a-a58b-4d8e-a58a-ff4c351fae61","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"23a9b13a-a58b-4d8e-a58a-ff4c351fae61"},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"}]' - headers: - content-length: - - '737' - content-type: - - application/json; charset=utf-8 - date: - - Fri, 07 Aug 2020 06:43:30 GMT - server: - - Microsoft-HTTPAPI/2.0 - strict-transport-security: - - max-age=31536000; includeSubDomains - x-ms-continuation: - - '' - status: - code: 200 - message: OK - request: body: null headers: @@ -542,40 +875,40 @@ interactions: ParameterSetName: - --workspace-name --assignee User-Agent: - - python/3.7.8 (Windows-10-10.0.18362-SP0) msrest/0.6.9 msrest_azure/0.6.3 azure-graphrbac/0.60.0 - Azure-SDK-For-Python AZURECLI/2.10.0 + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.21 msrest_azure/0.6.3 + azure-graphrbac/0.60.0 Azure-SDK-For-Python AZURECLI/2.19.1 accept-language: - en-US method: GET - uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/servicePrincipals?$filter=servicePrincipalNames%2Fany%28c%3Ac%20eq%20%276ae2ff4b-4939-4952-a097-d234aad383a3%27%29&api-version=1.6 + uri: https://graph.windows.net/00000000-0000-0000-0000-000000000000/servicePrincipals?$filter=displayName%20eq%20%27testsynapsecli%27&api-version=1.6 response: body: - string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[]}' + string: '{"odata.metadata":"https://graph.windows.net/00000000-0000-0000-0000-000000000000/$metadata#directoryObjects","value":[{"odata.type":"Microsoft.DirectoryServices.ServicePrincipal","objectType":"ServicePrincipal","objectId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","deletionTimestamp":null,"accountEnabled":true,"addIns":[],"alternativeNames":[],"appDisplayName":"testsynapsecli","appId":"2892a05c-cfc5-40ba-85e8-b25488116b0d","applicationTemplateId":null,"appOwnerTenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","appRoleAssignmentRequired":false,"appRoles":[],"displayName":"testsynapsecli","errorUrl":null,"homepage":null,"informationalUrls":{"termsOfService":null,"support":null,"privacy":null,"marketing":null},"keyCredentials":[],"logoutUrl":null,"notificationEmailAddresses":[],"oauth2Permissions":[],"passwordCredentials":[],"preferredSingleSignOnMode":null,"preferredTokenSigningKeyEndDateTime":null,"preferredTokenSigningKeyThumbprint":null,"publisherName":"Microsoft","replyUrls":[],"samlMetadataUrl":null,"samlSingleSignOnSettings":null,"servicePrincipalNames":["2892a05c-cfc5-40ba-85e8-b25488116b0d"],"servicePrincipalType":"Application","signInAudience":"AzureADMyOrg","tags":["HideApp","WindowsAzureActiveDirectoryIntegratedApp"],"tokenEncryptionKeyId":null}]}' headers: access-control-allow-origin: - '*' cache-control: - no-cache content-length: - - '121' + - '1272' content-type: - application/json; odata=minimalmetadata; streaming=true; charset=utf-8 dataserviceversion: - 3.0; date: - - Fri, 07 Aug 2020 06:43:30 GMT + - Tue, 06 Apr 2021 09:08:29 GMT duration: - - '688725' + - '403079' expires: - '-1' ocp-aad-diagnostics-server-name: - - 9gwaktdEGpuDasWoFu8nG0S2KXzLkuHBvzCFkIy+/nY= + - R+h3oiDQnAMn8vQuRd3MPeUQgDB8CYEF0ZdTbM/gyVo= ocp-aad-session-key: - - fyeDKJjU6CmkR92ycjwqUie52AhvSpVDwgOsan_AQM2J861jxUmsL6qZxKXUe51BBeJfOkd23Vnz0fBCxhJhoBacWc4iKlc3XegxHKcKdEyvTd1e5ULCkrq50lbSn7bA.b78M8wm6SRwBWKpNS2c6lLlZdtsOd7CfsgLsIcmyikU + - f12pFChCJqpoa4pYPrnuI-MuZ8xnOmmnL_m-6wotoh-J0q8WNUXm2ZfamEguqIjBS53j7e9aL6kveTmrfD4YdeqcbQadUomrTSOBjnX0wSl9ioRVDU7B6DoUHArTM1sm_hCQQj3dUS66EWMMr3j31YUi00sZ0RevPAHMYcOpMys.Ky7N_1HguPZWylPqFmZP8uaqDMUCLGJUQs1249uOers pragma: - no-cache request-id: - - 81c3104a-aaf6-455a-ae2a-f156961e0194 + - 17a3fbca-3fe5-458a-b191-eb49cb39c6a9 strict-transport-security: - max-age=31536000; includeSubDomains x-aspnet-version: @@ -593,25 +926,25 @@ interactions: body: null headers: Accept: - - application/json + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: - keep-alive User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roleAssignments?api-version=2020-02-01-preview&principalId=6ae2ff4b-4939-4952-a097-d234aad383a3 + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleAssignments?api-version=2020-08-01-preview&principalId=829ae9c5-95e5-4e5b-9f8b-eca27e2cb501 response: body: - string: '[{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"},{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78-e64a6f06-c0ef-4564-ab5d-ac006d710db5","roleId":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","principalId":"e64a6f06-c0ef-4564-ab5d-ac006d710db5"},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-23a9b13a-a58b-4d8e-a58a-ff4c351fae61","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"23a9b13a-a58b-4d8e-a58a-ff4c351fae61"},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"}]' + string: '{"count":2,"value":[{"id":"0550e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace","principalType":"ServicePrincipal"},{"id":"0333e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace/bigDataPools/testitem","principalType":"ServicePrincipal"}]}' headers: content-length: - - '737' + - '517' content-type: - application/json; charset=utf-8 date: - - Fri, 07 Aug 2020 06:43:31 GMT + - Tue, 06 Apr 2021 09:08:30 GMT server: - Microsoft-HTTPAPI/2.0 strict-transport-security: @@ -625,25 +958,25 @@ interactions: body: null headers: Accept: - - application/json + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: - keep-alive User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roleAssignments?api-version=2020-02-01-preview + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleAssignments?api-version=2020-08-01-preview&principalId=829ae9c5-95e5-4e5b-9f8b-eca27e2cb501 response: body: - string: '[{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"},{"id":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78-e64a6f06-c0ef-4564-ab5d-ac006d710db5","roleId":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","principalId":"e64a6f06-c0ef-4564-ab5d-ac006d710db5"},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-23a9b13a-a58b-4d8e-a58a-ff4c351fae61","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"23a9b13a-a58b-4d8e-a58a-ff4c351fae61"},{"id":"7af0c69a-a548-47d6-aea3-d00e69bd83aa-6ae2ff4b-4939-4952-a097-d234aad383a3","roleId":"7af0c69a-a548-47d6-aea3-d00e69bd83aa","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3"}]' + string: '{"count":2,"value":[{"id":"0550e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace","principalType":"ServicePrincipal"},{"id":"0333e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace/bigDataPools/testitem","principalType":"ServicePrincipal"}]}' headers: content-length: - - '737' + - '517' content-type: - application/json; charset=utf-8 date: - - Fri, 07 Aug 2020 06:43:32 GMT + - Tue, 06 Apr 2021 09:08:31 GMT server: - Microsoft-HTTPAPI/2.0 strict-transport-security: @@ -657,7 +990,39 @@ interactions: body: null headers: Accept: - - '*/*' + - application/json, text/json + Accept-Encoding: + - gzip, deflate + Connection: + - keep-alive + User-Agent: + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleAssignments?api-version=2020-08-01-preview + response: + body: + string: '{"count":4,"value":[{"id":"5381931d-afcb-4105-9e88-f8d93333da56","roleDefinitionId":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","principalId":"6ae2ff4b-4939-4952-a097-d234aad383a3","scope":"workspaces/clitestsynapseworkspace","principalType":"User"},{"id":"6e673719-eeb8-48e5-ab9d-3b8a2f5b314e","roleDefinitionId":"6e4bf58a-b8e1-4cc3-bbf9-d73143322b78","principalId":"32625750-0c5d-4fcf-b813-9e27564a2b82","scope":"workspaces/clitestsynapseworkspace","principalType":"ServicePrincipal"},{"id":"0550e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace","principalType":"ServicePrincipal"},{"id":"0333e787-7841-4669-9ac8-a8176e900002","roleDefinitionId":"7572bffe-f453-4b66-912a-46cc5ef38fda","principalId":"829ae9c5-95e5-4e5b-9f8b-eca27e2cb501","scope":"workspaces/clitestsynapseworkspace/bigDataPools/testitem","principalType":"ServicePrincipal"}]}' + headers: + content-length: + - '979' + content-type: + - application/json; charset=utf-8 + date: + - Tue, 06 Apr 2021 09:08:32 GMT + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-ms-continuation: + - '' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: @@ -665,9 +1030,9 @@ interactions: Content-Length: - '0' User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) method: DELETE - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roleAssignments/7af0c69a-a548-47d6-aea3-d00e69bd83aa-6ae2ff4b-4939-4952-a097-d234aad383a3?api-version=2020-02-01-preview + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleAssignments/0550e787-7841-4669-9ac8-a8176e900002?api-version=2020-08-01-preview response: body: string: '' @@ -675,27 +1040,27 @@ interactions: content-length: - '0' date: - - Fri, 07 Aug 2020 06:43:33 GMT + - Tue, 06 Apr 2021 09:08:33 GMT server: - Microsoft-HTTPAPI/2.0 strict-transport-security: - max-age=31536000; includeSubDomains status: - code: 200 - message: OK + code: 204 + message: No Content - request: body: null headers: Accept: - - application/json + - application/json, text/json Accept-Encoding: - gzip, deflate Connection: - keep-alive User-Agent: - - azsdk-python-synapse/0.2.0 Python/3.7.8 (Windows-10-10.0.18362-SP0) + - azsdk-python-synapse/0.5.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) method: GET - uri: https://testsynapseworkspace.dev.azuresynapse.net/rbac/roleAssignments/7af0c69a-a548-47d6-aea3-d00e69bd83aa-6ae2ff4b-4939-4952-a097-d234aad383a3?api-version=2020-02-01-preview + uri: https://clitestsynapseworkspace.dev.azuresynapse.net/roleAssignments/0550e787-7841-4669-9ac8-a8176e900002?api-version=2020-08-01-preview response: body: string: '{"error":{"code":"RoleAssignmentNotFound","message":"RoleAssignmentNotFound"}}' @@ -705,7 +1070,7 @@ interactions: content-type: - application/json; charset=utf-8 date: - - Fri, 07 Aug 2020 06:43:34 GMT + - Tue, 06 Apr 2021 09:08:35 GMT server: - Microsoft-HTTPAPI/2.0 strict-transport-security: @@ -713,4 +1078,4 @@ interactions: status: code: 404 message: Not Found -version: 1 \ No newline at end of file +version: 1 diff --git a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py index a60e7f0832e..ea7c3b687de 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py @@ -736,15 +736,25 @@ def test_spark_session_and_statements(self, resource_group): @record_only() def test_access_control(self): self.kwargs.update({ - 'workspace': 'testsynapseworkspace', - 'role': 'Sql Admin', - 'userPrincipal': 'username@microsoft.com', - 'servicePrincipal': 'http://username-sp'}) + 'workspace': 'clitestsynapseworkspace', + 'role': 'Synapse Contributor', + 'userPrincipal': 'username@contoso.com', + 'servicePrincipal': 'testsynapsecli', + 'scopeName': 'workspaces/{workspaceName}/bigDataPools/{bigDataPoolName}', + 'itemType': 'bigDataPools', + 'item': 'testitem'}) self.cmd( - 'az synapse role definition list --workspace-name {workspace} ', + 'az synapse role scope list --workspace-name {workspace} ', checks=[ - self.check('length([])', 3) + self.check("contains([], '{scopeName}')", True) + ] + ) + + self.cmd( + 'az synapse role definition list --workspace-name {workspace}', + checks=[ + self.check('[0].name', 'Synapse Administrator') ]) # get role definition @@ -753,52 +763,57 @@ def test_access_control(self): checks=[ self.check('name', self.kwargs['role']) ]).get_output_in_json() + self.kwargs['roleId'] = role_definition_get['id'] # create role assignment role_assignment_create = self.cmd( - 'az synapse role assignment create --workspace-name {workspace} --role "{role}" --assignee {userPrincipal} ', + 'az synapse role assignment create --workspace-name {workspace} --role "{role}" ' + '--assignee {servicePrincipal} --assignment-id 0550e787-7841-4669-9ac8-a8176e900002', checks=[ - self.check('roleId', self.kwargs['roleId']) + self.check('roleDefinitionId', self.kwargs['roleId']) ]).get_output_in_json() self.kwargs['roleAssignmentId'] = role_assignment_create['id'] - self.kwargs['roleId'] = role_assignment_create['roleId'] + self.kwargs['roleId'] = role_assignment_create['roleDefinitionId'] self.kwargs['principalId'] = role_assignment_create['principalId'] - # get role assignment + # create role assignment at scope self.cmd( - 'az synapse role assignment show --workspace-name {workspace} --id {roleAssignmentId} ', + 'az synapse role assignment create --workspace-name {workspace} --role "{role}" ' + '--assignee {servicePrincipal} --item-type {itemType} --item {item} ' + '--assignment-id 0333e787-7841-4669-9ac8-a8176e900002', checks=[ - self.check('roleId', self.kwargs['roleId']), - self.check('principalId', self.kwargs['principalId']) + self.check('roleDefinitionId', self.kwargs['roleId']), + self.check('scope', 'workspaces/{workspace}/{itemType}/{item}') ]) - # list role assignment by role + # get role assignment self.cmd( - 'az synapse role assignment list --workspace-name {workspace} --role "{role}" ', + 'az synapse role assignment show --workspace-name {workspace} --id {roleAssignmentId} ', checks=[ - self.check('length([])', 2) + self.check('roleDefinitionId', self.kwargs['roleId']), + self.check('principalId', self.kwargs['principalId']) ]) - # list role assignment by userPrincipal + # list role assignment by role and scope self.cmd( - 'az synapse role assignment list --workspace-name {workspace} --assignee {userPrincipal} ', + 'az synapse role assignment list --workspace-name {workspace} --role "{role}" --item-type {itemType} --item {item}', checks=[ - self.check('length([])', 2) + self.check("length([])", 2) ]) # list role assignment by servicePrincipal self.cmd( 'az synapse role assignment list --workspace-name {workspace} --assignee {servicePrincipal} ', checks=[ - self.check('length([])', 1) + self.check("length([])", 2) ]) # list role assignment by object_id self.cmd( - 'az synapse role assignment list --workspace-name {workspace} --assignee {principalId} ', + 'az synapse role assignment list --workspace-name {workspace} --assignee-object-id {principalId} ', checks=[ - self.check('length([])', 2) + self.check("length([])", 2) ]) # delete role assignment diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index 41c7b2e5c36..6061a5b2975 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -85,7 +85,7 @@ azure-multiapi-storage==0.5.2 azure-nspkg==3.0.2 azure-loganalytics==0.1.0 azure-storage-common==1.4.2 -azure-synapse-accesscontrol==0.2.0 +azure-synapse-accesscontrol==0.5.0 azure-synapse-artifacts==0.3.0 azure-synapse-spark==0.2.0 bcrypt==3.1.7 diff --git a/src/azure-cli/requirements.py3.Linux.txt b/src/azure-cli/requirements.py3.Linux.txt index 41c7b2e5c36..6061a5b2975 100644 --- a/src/azure-cli/requirements.py3.Linux.txt +++ b/src/azure-cli/requirements.py3.Linux.txt @@ -85,7 +85,7 @@ azure-multiapi-storage==0.5.2 azure-nspkg==3.0.2 azure-loganalytics==0.1.0 azure-storage-common==1.4.2 -azure-synapse-accesscontrol==0.2.0 +azure-synapse-accesscontrol==0.5.0 azure-synapse-artifacts==0.3.0 azure-synapse-spark==0.2.0 bcrypt==3.1.7 diff --git a/src/azure-cli/requirements.py3.windows.txt b/src/azure-cli/requirements.py3.windows.txt index c928449efe1..4c449e21d22 100644 --- a/src/azure-cli/requirements.py3.windows.txt +++ b/src/azure-cli/requirements.py3.windows.txt @@ -85,7 +85,7 @@ azure-multiapi-storage==0.5.2 azure-nspkg==3.0.2 azure-loganalytics==0.1.0 azure-storage-common==1.4.2 -azure-synapse-accesscontrol==0.2.0 +azure-synapse-accesscontrol==0.5.0 azure-synapse-artifacts==0.3.0 azure-synapse-spark==0.2.0 bcrypt==3.1.7 diff --git a/src/azure-cli/setup.py b/src/azure-cli/setup.py index b2ab2c5d162..d55b2fa9e42 100644 --- a/src/azure-cli/setup.py +++ b/src/azure-cli/setup.py @@ -128,7 +128,7 @@ 'azure-multiapi-storage~=0.5.2', 'azure-loganalytics~=0.1.0', 'azure-storage-common~=1.4', - 'azure-synapse-accesscontrol~=0.2.0', + 'azure-synapse-accesscontrol~=0.5.0', 'azure-synapse-artifacts~=0.3.0', 'azure-synapse-spark~=0.2.0', 'fabric~=2.4',