Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Reply
WDarwish
Frequent Visitor

Fabric Warehouse - Service Principal Connection

I want to build an application to write data into a Fabric Warehouse.

This article says that there are 2 ways to connection to a Fabric Warehouse SQL Endpoint:

https://learn.microsoft.com/en-us/fabric/data-warehouse/connectivity

 

In Microsoft Fabric, two types of authenticated users are supported through the SQL connection string:

  • Microsoft Entra ID (formerly Azure Active Directory) user principals, or user identities
  • Microsoft Entra ID (formerly Azure Active Directory) service principals

I am unable to find any guidance on how to configure the service principal connectivity.

Using a user principal via MFA authentication is not possible in my scenario.

 

Can someone please provide a step-by-step process to create the service principal, give it the necessary permissions in the Fabric WH, and use it to connect via the SQL endpoint?

1 ACCEPTED SOLUTION
7 REPLIES 7
AndyDDC
Memorable Member
Memorable Member

hi @WDarwish @I don't think there's any specific documentation in the fabric docs, but you can follow this guide here to create a service principal https://learn.microsoft.com/en-us/purview/create-service-principal-azure

 

then you give the service principal the required permissions in the workspace or on the warehouse itself.

 

then to use the service principal is going to depend on your application

I actually created the principal as per this very same guide. I cannot get that principal to show up within Fabric WH when sharing or setting permissions.

Great find! Exactly what I was after. Managed to authenticate using the principal and got things running. Thank you.

I am trying to achieve the exact similar thing, however when authenticating with 

ClientSecretCredential in python, I am unable to write to the warehouses. I am able to read from the same warehouses though.
 
More specifically, I get the following Error:
The INSERT permission or external policy action 'Microsoft.Sql/Sqlservers/Databases/Schemas/Tables/Rows/Insert' was denied on the object '[table]', database '[warehouse name]', schema 'dbo'.
 
When using AzureCliCredential, this problem does not persist. 
 
I have tried making the service principle admin (similar to my az credentials), but that also did not help.
 
Any clue how to have the service principle write to the warehouse?
kind regards,
Kjell

Hi @kjellvs how are you trying to write to the Warehouse? If you are trying to write to the storage directly it won't work, inserts into the warehouse can only be done via the sql endpoint of the warehouse - just checking to see how you're inserting so please forgive me if you already know this 

Hi Andy, thank you for the reply. I was indeed trying to write via the SQL endpoint.

 

I found a fix by giving:
GRANT INSERT ON SCHEMA::dbo TO public;

 

I didn't know I had to configure these additional rights.

 

Kind regards,

Kjell

Helpful resources

Announcements
Europe Fabric Conference

Europe’s largest Microsoft Fabric Community Conference

Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.

AugFabric_Carousel

Fabric Monthly Update - August 2024

Check out the August 2024 Fabric update to learn about new features.

September Hackathon Carousel

Microsoft Fabric & AI Learning Hackathon

Learn from experts, get hands-on experience, and win awesome prizes.

Sept NL Carousel

Fabric Community Update - September 2024

Find out what's new and trending in the Fabric Community.