Is it possible to use ADF pipeline to call MS Graph API (get user by email) by passing a set of userPrincipalName values from a Source (eg: Azure Table Storage)? Please provide an example.
This is what I have tried: I added Office 365 Linked Service. I have a copy data activity to copy data to Table Storage. Then I have added a Web activity. What dataset should I include in the settings? Also, how would I pass values from Azure Table Storage to Web activity?
Related
This is regarding the access issue that I am facing in reading the data residing in ADLS Gen-2 from Synapse Analytics Serverless Pool.
I have full access on Synapse Studio
I have "Storage Blob Data Contributor" on the container/folder where my parquet file is residing
While I try to below SQL ( with right ADLS name along with folder/container details)
SELECT
TOP 100 *
FROM
OPENROWSET(
BULK 'https://.dfs.core.windows.net/<container_name>////2009/DIM_INFO_2009.parquet',
FORMAT='PARQUET'
) AS [result]
I get below message -
File 'https://.dfs.core.windows.net/<container_name>////2009/DIM_INFO_2009.parquet' cannot be opened because it does not exist or it is used by another process.
When I try the same scenario by creating the external table ( which points to the same parquet file) and uses MANAGED IDENTITY as credentials - the results are being displayed as expected.
So - I am wondering, what is causing this issue - when I try to run the SQL and make the results get displayed. I was hoping with having Storage Blob Data Contributor - it should allow me to access the data on ADLS from Synapse Studio Serverless Pool.
Any hints on what might be causing this issue ?
For AAD passthrough auth make sure you also follow these steps to allow Synapse Serverless to get past the ADLS firewall with an identity other than the MSI.
If the PowerShell approach above doesn’t appeal to you then it is also now available in the Azure Portal UI.
We are having multi tenant web application designed in asp.net mvc. Our database is stored on Azure. We have created security policy in the database so no client can see data of another client, and in every table we have tenant id for each entry.
We have created some dashboards using power bi, data is being accessed using sql stored procedure which has tenant id parameter.for testing purpose i supply tenant id while running dashboards inside power bi desktop. Now we are trying to integrate those dashboards to our web application. for this we have done necessary changes in the web.config file.
Issue is how will we supply tenantID for which user is logged in to power bi so that user can see data for that particular client only?
Thanks in advance.
It depends on the storage mode of your report (Imported or DirectQuery) and how it will be integrated in your app (Embedded API, Publish to web (public) or Secure embed).
If the storage mode is Imported, this means that your report contains a copy of the data. The consequence is that you can't query the database and get the data based on the current user, because the copy of the data is one and it is shared with all users, which are looking at your report. So the data should be for all tenants and you must filter it in each users session. The filtering can be made in two ways - by adding a "normal" report level filter or by implementing Row-level security (RLS).
Filtering can be achieved by passing the filter in the URL or defining the filter in the embedded configuration. First one can be used with Secure embed, while the later one is applicable when using Embedded API. Note, that Publish to web method doesn't support URL filters. Important part is that the filter added this way will be visible in the Filters pane and the user can modify it or remove it (so it's not a good way to secure your data). If you are embedding the report using the API, you can hide the Filters pane by setting filterPaneEnabled: false in the embed config, but this will also hide all other filters and the end user will be able to slice the data only with the visuals provided by you (e.g. slicers in the report). Also note, that secure embed requires each of the viewers of your report to have Power BI Pro license
(or if the workspace where you publish the report has a dedicated capacity assigned, i.e. Power BI Premium or Power BI Embedded, a Power BI Free license).
With RLS, you will include all the data for all tenants in your report, and Power BI will filter it for you, so the user will see only the data relevant for his tenant. This can be made it two ways - define a role for each tenant and include your end users in the corresponding role, or use userprincipalname() DAX function in your report to filter the data based on the current user.
My recommendation is to use RLS, and the benefit in this case is that there will be a single report to embed and no parameters needs to be passed to it from your app at all.
I'm trying to configure Azure Data Lake Store Gen1 (ADLS) as a Data Source in a Data Virtualization software (Tibco's).
Reading through the Azure documentation, I got to the webhdfs/v1/ endpoint associated with ADLS and managed to simulate the (non-standard, since it requieres an additional "resource" parameter) OAuth2 authentication needed within Postman. All good so far.
I am guessing that the connection should be configured as an OData service, since the OData connector within TDV (Tibco DV) has an "Azure AD resource" parameter that should be used only if you are trying to authenticate through azure's active directory (the non-standard part from before). However I am failing to configure this connection.
This must be because of one of these reasons:
The /webhdfs/v1/ endpoint is NOT an OData service.
I am wrongly configuring the OData connector in TDV.
In any case, how can I connect to this repository and introspect everything behind it? list folders, files, and all that within TDV?
Some suggestions I have stumbled upon are using the Hive connectors or the REST connector, but after trying I still feel closer to success with OData.
I've created an Azure IoT Central solution, where I successfully registered an IoT device. I'm able to save telemetry/status/event data for the device, however I could not find an option to query the existing data using .NET code. For example I would like to query the telemetry data for the last month using C#.
Is it not supported by the SDK?
In order to query the telemetry data for the last month you will need to export that to a Blob Storage or routing it to another DB (like Cosmos DB). The supported way to export your data in Azure IoT Central is described here.
You can then leverage REST API on your c# code to extract the data from your devices.
Read Avro files by using C#
Azure Storage samples using .NET
Azure Cosmos DB: .NET examples for the SQL API
Using PHP and the Microsoft Graph API I'm fetching a user by querying:
https://graph.windows.net/<tenant>/users/<userId>?api-version=2013-11-08
This works fine, but only returns the standard fields for the user object. According to the documentation I'm supposed to be able to use $select=* to get all the user data, like this:
https://graph.windows.net/<tenant>/users/<userId>?$select=*&api-version=2013-11-08
However this gives me the following error:
{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"The ability to use the $select query option to define a projection in a data service query is disabled. To enable this functionality, set the DataServiceConfiguration. AcceptProjectionRequests property to true."}}}
How can I enable "AcceptProjectionRequests"? I find nothing about this in the documentation or in other SO-threads.
The APIs you are referencing above are Azure AD Graph which is different than the Microsoft Graph APIs. It might be worth your time to have a look at the Microsoft Graph APIs and consider transitioning away from Azure AD Graph. The general guidance from the Azure AD Graph team recommends using the Microsoft Graph instead of the Azure AD Graph. You can read more about the differences and the Azure AD guidance here.
Having said that, Azure AD Graph does not support $select (as stated in the blog posting I linked to above). Microsoft Graph does support $select for doing query projections (see Microsoft Graph or Azure AD).
Currently (as of 7/8/2016) Microsoft Graph supports most of the directory features that Azure AD Graph supports, but not all. In some cases, Microsoft Graph supports functionality that is not in Azure AD Graph (such as ability to make $select projection queries).
Per OData spec, $select=* can either return all entity properties or a default set of properties (provided the default set contains all key properties). The Microsoft Graph implementation is the latter and it will return a set of key properties. In order to get all the necessary properties you need, you will need to explicitly request the entire list you want unless they happen to be within the default set.