I have
Azure Synapse Workspace/Analytics setup ( that has built-in serverless pool)
Have Purview account ([Orange-account]) , in which having Purview Studio acccess
I have registered my Synapse Analytics on Purview Studio
I have created database mango in serverless pool
I have granted "Synapse Administrator" access to the [Orange-account]( in Synapse workspace)
Executed this from mango database
CREATE USER [Orange-account] FROM EXTERNAL PROVIDER
Executed this from master database
EXEC sp_addrolemember 'db_owner', [Orange-account]
I am trying to initiate a Scan - so that I could fetch all meta data information from Azure Synapse Serverless pool database mango. But I am unable to create the scan event - as it gives permission issue.
Sharing more details with snapshot below
Snapshot of Sources tab in Purview Studio looks as below
I dont see any database listed in the "Database Name" drop down
I entered the database manually and tried "Test Connection" ; that ends up with
Error: (3867) Failed to access the Azure SQL data warehouse. The given credential has not been applied or does not have permission on the target database.Learn more
What else can be causing this access issue here?
At ths time the only the dedicated pools is supported . Please see here . Working is in progress for supporting serverless also.
The latest docs recommend the following...
"Add the Azure Purview account MSI (represented by the account name) as sysadmin on the serverless SQL databases by running the command below in your SQL script:"
CREATE LOGIN [PurviewAccountName] FROM EXTERNAL PROVIDER;
ALTER SERVER ROLE sysadmin ADD MEMBER [PurviewAccountName];
More info here: Using Managed identity for Serverless SQL databases
I have followed this link and have gotten a successful scan:
https://learn.microsoft.com/en-gb/azure/purview/register-scan-azure-synapse-analytics
You might want to check that
You have assigned Purview MSI to Reader in both Synapse
You have assigned Purview MSI as Blob Storage Reader at the Storage resource
You have created the user/login for Purview MSI and added it to db_reader on your dedicated/serverless pool
Good luck!
I think you need to grant your Purview account read access first.
Related
Hi I'm am trying to follow Microsoft's guidance to download the TFSFieldMapping file in order that I can make changes (https://learn.microsoft.com/en-us/azure/devops/reference/xml/upload-or-download-the-microsoft-project-mapping-file?view=tfs-2018)
Unfortunately I keep getting the error "Access is denied" when I try to connect to my collection and project
CD C:\Program Files\Common Files\microsoft shared\Team Foundation Server\16.0>TFSFieldMapping.exe download /collection:https://dev.azure.com/(My Company) /teamproject:(My Project)/mappingfile:"C:\Users\danie\Downloads\Test1234.xml"
"Access is denied"
That documentation appears to be for TFS (on-premise). Based on the URL, it looks like you are utilizing Azure DevOps Services. It seems to be a deprecated function, probably because of the way the field templates have been overhauled for work item forms.
Agree with Matt. TFSFieldMapping is only supports TFS 2018 and previous versions. Because their process is Hosted XML Process. Starting from Azure Devops Server 2019 and azure devops service, they use the inherited process. So they doesn't support the TFSFieldMapping.
From the URL in the TFSFieldMapping command, it seems that you are using the Azure Devops Service.
To change the Project field, you can create an inherited process and let the project use it. Then you can perform custom operations (e.g. Custom field) on the inherited process.
You could custom the field in Organization Settings -> Process.
Here is a doc about the detailed steps.
You could also use Rest API to Get and Update the field.
Get Work item field:
GET https://dev.azure.com/{organization}/{project}/_apis/wit/fields?api-version=5.1
Update Work item field:
PATCH https://dev.azure.com/{organization}/{project}/_apis/wit/fields/{fieldNameOrRefName}?api-version=4.1
Note: Corresponding to the inheritance process, you need to inherit first and then customize
I am trying to do a GET API call to get specific pipeline run history. The API URL is as follows
APIEndpoint/api/v3/namespaces/default/apps/DataPipeline_name/workflows/DataPipelineWorkflow/runs?limit=1
This API call needs a access token which I get by the command line
gcloud print-access-token
The above works fine on a Basic Edition
When I run this on enterprise edition instance, I get the following error
I need help here as to how I make this CDAP API call successfully.
Since the project of the Enterprise Edition of Cloud Data Fusion is different, you need to make sure that the account you logged in the gcloud has the correct permission to the Cloud Data Fusion instance. You need to grant the service account with the roles/datafusion.viewer.
You can read more about access control here
I'm not sure what caused the problem. But now it is working absolutely fine.
Maybe the permissions were an issue / there was something changed on the GCP Project.
Thanks for all your answers. Those make complete sense to check
I am running through my disaster recovery process for TFS 2017/18 and am trying to restore the databases to the SQL server 2016 instance on the same machine as the TFS Admin tool.
I am using the TFS Administration Tool to take the full backups and also to restore them.
The issue is that after the ReportServer and ReportServerTmp DBs get restored, the TFS_Warehouse and other TFS_ databases hang while doing the restore.
The log file shows the error message: Login Failed for user 'domain\machinename$' Reason: Failed to open the explicitly specified database 'ReportServer'. [CLIENT: ]
The SQL Server has the NT Authority/Network Service account and I have also tried giving it 'domain\machinename$' as well.
I have compared it to another Virtual Machine that has a standard installation of SQL Server and TFS Server on it and I cannot see any obvious difference.
Does anyone know of a solution for this?
Regards
Based on the error message "Login Failed for user 'domain\machinename$' Reason: Failed to open the explicitly specified database 'ReportServer'. [CLIENT: ]".
Seems the related database had been dropped (database missed) or there is any service is trying to access the database which does not exist.
That means you did not restore the databases correctly or you did not really full back up the databases correctly. And when you use SSMS and manually restore each database, the related database online again, so it works.
Yes we recommend use the Scheduled Backups feature wizard to backup or restore the DBs. However you need to note below things:
You can use the backups you made of the original deployment to restore
the data from that deployment to the new server. When restoring the
data, be sure to restore all databases and the SharePoint Farm to the
same point in time. If you followed the guidance in Create a backup
schedule and plan, you used the Scheduled Backups feature to
create your backups. You will use these backups to restore your data.
If you manually configured your backups, you cannot use the Restore
wizard in Scheduled Backups to restore those databases. You must
manually restore them using the software you used to back them up.
Source : Restore the databases
Generally, we can use the SQL Server Profiler to trace the error, then debug accordingly. Within SQL Server Management Studio , choose Tools menu and then SQL Profiler with Audit Login/Logout, User Error Message events selected and check the relative entries of login fails. See below threads for details:
SQL Server Error 18456: Finding the Missing Databases
Login failed for user 'domain\username'. Reason: Failed to open the
explicitly specified database. [CLIENT: ]
UPDATE:
For the account issue, please refer to the Required permissions part in this article :Restore the databases. Just add the TFS service account as the sysadmin role, then try it again.
Required permissions
To perform these procedures, you must be a member of the following
groups or have the following permissions:
A member of the Administrators security group on the server.
Either a member of the SQL Server System Administrator security group, or your SQL Server Perform Back Up and Create Maintenance
Plan permission must be set to Allow.
A member of the sysadmin security group for the databases for Team Foundation.
A member of the Farm Administrators group.
I'm trying to setup Nightly Backups for my TFS 2012.4 development box going off to another server, but it's failing.
The server is has SQL Express and TFS Express on it, trying to send the backups over to a network path on another share.
When going through the Wizard it will successfully pass all of the Readiness Checks, including permissions. It will fail when it tries to run the backup job for the first time under Confirming Permissions.
Error is:
TF401002: The SQL Server Database Engine failed to save the database
backup to path \[share]\c$\TFSBackup. Please grant SQL service
account read/write access to that folder.
I've tried adding "Everyone" with full control to the folder on the backup server, but it still fails with the same error.
Added the full log to http://pastebin.com/80PrYXqx
This may be a problem with using the administrative share path of c$. I suggest you go to your [share] server and make the TFSBackup folder a shared folder, and give your share the appropriate permissions.
Then you can change this:
\\[share]\c$\TFSBackup
To something like this(depending on what you name your share):
\\[share]\TFSBackup$
I know it's an old post, but just incase anyone else has issues. I had the same issue configuring backups. The following resolved it for me:
1) Open up "Services" and note the "Log On As" user for "Sql Server" and "Sql Server Agent"
2) On the folder that your backups are being saved to, go to Properties -> Security -> Edit
3) Add the users from #1, and check "Full Control", Save
I have a prod domain and a test domain, unfortunately in the only part I can install TFS ins a virtual machine in the test domain.
The question is, as developers, can we still access the tfs for source control? As far as I know it will use the windows credentials when connecting and those credentials wont exist in the test environment.
What can you suggest?
Yes, Team Explorer clients will try to authenticate with the default Windows credentials to the TFS server. If you're on different domains (and there's no trust relationship between them) then this authentication will fail and you'll be prompted to enter your username/password for the TFS server.
If you don't wish to be prompted each time, you can set up credentials for the server in the Windows Credential Manager in your Control Panel.