![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 96%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,612 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 8%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
Hi @JayZee64
Thanks for the question and using MS Q&A platform.
To create a role in Synapse that allows users to have admin access but blocks access to particular pipelines and linked services, you can use Azure RBAC (Role-Based Access Control) to define a custom role with the necessary permissions.
- Open the Azure Synapse Analytics workspace in the Azure portal.
So, here’s what I did, but at the Subscription level:
- Click on the relevant Subscription.
- Click on Access Control (IAM)
- Click Add -> Add Custom Role
- Give the custom role a name (e.g. "Restricted Admin") and a description.
- Under "Permissions", select the "Microsoft.Synapse/workspaces/" resource provider and grant the "Microsoft.Authorization//read" permission. This will allow users with this role to view the Synapse workspace and its resources.
- Under "Permissions", select the "Microsoft.Synapse/workspaces/linkedServices/" resource provider and grant the "Microsoft.Authorization//read" permission. This will allow users with this role to view the linked services in the Synapse workspace.
- Under "NotActions", select the "Microsoft.Synapse/workspaces/pipelines/" resource provider and deny the "Microsoft.Authorization//read" permission. This will block users with this role from viewing the pipelines in the Synapse workspace.
- Under "NotActions", select the "Microsoft.Synapse/workspaces/linkedServices/" resource provider and deny the "Microsoft.Authorization//read" permission. This will block users with this role from viewing the linked services in the Synapse workspace.
- Click "Review + create" to create the custom role.
- Assign the custom role to the users who need admin access but should be blocked from viewing the pipelines and linked services related to the new data source.
Refer this article for more information: https://video2.skills-academy.com/en-us/azure/synapse-analytics/security/synapse-workspace-synapse-rbac-roles
Hope this helps. Do let us know if you any further queries.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.