Data source can have credential that enables external tables to access only the files on Azure storage using SAS token or workspace Managed Identity - For examples, see the Develop storage files storage access control article.
External data sources without credential in SQL pool can also use callers Azure AD identity to access files on storage. External data source with credential use identity specified in credential to access files.
In SQL pool, database scoped credential can specify custom application identity, workspace Managed Identity, or SAK key.
In SQL on-demand, database scoped credential can specify caller's Azure AD identity, workspace Managed Identity, or SAS key.
Reference: Create and query external tables from a file in Azure Data Lake
Hope this helps. Do let us know if you any further queries.
Do click on "Accept Answer" and Upvote on the post that helps you, this can be beneficial to other community members.