A company uses Azure Synapse Analytics dedicated SQL pool. They need to ensure that only users with a specific Azure AD group can query a particular schema. Which approach should they use?
Trap 1: Configure a server-level firewall rule to block other users.
Firewall rules control network access, not database permissions.
Trap 2: Create a row-level security policy on all tables in the schema.
Row-level security restricts rows, not schema access.
Trap 3: Apply dynamic data masking to the schema.
Dynamic data masking hides data but does not prevent querying the schema.
- A
Configure a server-level firewall rule to block other users.
Why wrong: Firewall rules control network access, not database permissions.
- B
Use the GRANT statement to grant SELECT on the schema to the Azure AD group.
GRANT schema permission controls access at schema level.
- C
Create a row-level security policy on all tables in the schema.
Why wrong: Row-level security restricts rows, not schema access.
- D
Apply dynamic data masking to the schema.
Why wrong: Dynamic data masking hides data but does not prevent querying the schema.