Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data Factory and Purview account are not connected #114

Open
zeinab-mk opened this issue May 7, 2021 · 7 comments
Open

Data Factory and Purview account are not connected #114

zeinab-mk opened this issue May 7, 2021 · 7 comments
Assignees
@marvinbuss
Labels
blocked Blocked item feature Feature Requests

Comments

@zeinab-mk
Copy link

After the deployment is completed, I did not see the catalogUri tag on the ADF resource and ADF connection was in Disconnected status in Azure Purview.

image

image
@marvinbuss
Copy link
Collaborator

marvinbuss commented May 7, 2021
edited

That is a good point. We will add the role assignment to the ARM templates, so that Purview has automatically access. We will probably give the MSI access to the overall subscription in order to also be able to scan all kinds of data sources.

Optimally, we would add the Purview MSI as Reader to the Management Group to scan all kinds of data assets within the tenant. However, this is not something we can perform automatically without the right access rights.

Therefore, I would suggest to add it to each Landing Zone as part of the Landing Zone deployment. @mboswell any thoughts or do you agree?

@marvinbuss marvinbuss transferred this issue from Azure/data-management-zone May 7, 2021
@marvinbuss marvinbuss added the feature Feature Requests label May 7, 2021
@marvinbuss marvinbuss mentioned this issue May 7, 2021
Closed
@marvinbuss
Copy link
Collaborator

Same issue as #115.

@marvinbuss
Copy link
Collaborator

This actually requires to add the MSI of Data Factory as "Purview Data Curator". This is not required for Synapse. Follow-up required from my side.

@marvinbuss marvinbuss added the backlog Backlog item label Aug 6, 2021
@marvinbuss
Copy link
Collaborator

We will not add this for now, since SHIR and Service Principal are required anyways for scans, if all services are behind private endpoints (e.g. Purview, Synapse, Data Factory, etc.). Therefore, we will hold off for now, since this is not something that is actually required when using private endpoints end-to-end.

@marvinbuss
Copy link
Collaborator

#190 will add private link connectivity for ADF. Synapse does not expose private endpoints via ARM and hence we cannot automate the setup in Synapse.

@marvinbuss marvinbuss added committed Committed item and removed backlog Backlog item labels Oct 24, 2021
@marvinbuss marvinbuss added this to the v1.2.0 milestone Oct 24, 2021
@marvinbuss marvinbuss added blocked Blocked item and removed committed Committed item labels Oct 26, 2021
@marvinbuss marvinbuss removed this from the v1.2.0 milestone Oct 26, 2021
@marvinbuss
Copy link
Collaborator

All the role assignments for Purview now have been moved into the data plane. Hence, without using self-hosted agents, we are not able to access a private Purview instance. That means that we cannot make any role assignments from ARM to a collection other than the collection Admin role assignment to the root collection. I summary, that means that all ADF and Synapse role assignments have to be executed manually today.
A user has to execute this via the Purview Portal today.

@marvinbuss marvinbuss mentioned this issue Oct 26, 2021
Closed
@marvinbuss
Copy link
Collaborator

Update: I am working on Full Automation of Lineage and Data Source onboarding here: https://github.com/marvinbuss/PurviewAutomation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marvinbuss marvinbuss

Labels
blocked Blocked item feature Feature Requests
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zeinab-mk @marvinbuss