Module 02 - Register & Scan (Azure SQL DB)

📢 Introduction

To populate Microsoft Purview with assets for data discovery and understanding, we must register the sources that exist across our data estate so that we can use the out-of-the-box scanning capabilities. Scanning enables Microsoft Purview to extract technical metadata such as the fully qualified name, schema, and data types, and to apply classifications by parsing a sample of the underlying data.

In this module, you'll walk through how to register and scan data sources. You'll create a new collection for your first data source, upload data and configure scanning. By the end of this module you'll have technical metadata, such as schema information, stored in Purview. You can use this to start linking to business terms, allowing your team members to find data more easily.

🤔 Prerequisites

🎯 Objectives

  • Register and scan an Azure SQL Database using SQL authentication credentials stored in Azure Key Vault.

📑 Table of Contents

| # | Section | Role |
| --- | --- | --- |
| 1 | Key Vault Access Policy #1 (Grant Yourself Access) | Azure Administrator |
| 2 | Key Vault Access Policy #2 (Grant Microsoft Purview Access) | Azure Administrator |
| 3 | Generate a Secret | Azure Administrator |
| 4 | Add Credentials to Microsoft Purview | Microsoft Purview Administrator |
| 5 | Register a Source (Azure SQL DB) | Data Source Administrator |
| 6 | Scan a Source with Azure Key Vault Credentials | Data Source Administrator |
| 7 | View Assets | Data Reader |

1. Key Vault Access Policy #1 (Grant Yourself Access)

💡 Did you know?

Azure Key Vault is a cloud service that provides a secure store for secrets. Azure Key Vault can be used to securely store keys, passwords, certificates, and other secrets. For more information, check out About Azure Key Vault.

Before we can add secrets (such as passwords) to Azure Key Vault, we need to set up an Access Policy. The access policy created in this step ensures that our account has sufficient permissions to create a secret, which Microsoft Purview will later use to perform a scan.

  1. Navigate to your Azure Key Vault resource and click Access policies.

  2. Click ➕ Create.

  3. Under Secret permissions, click Select all. Then, click Next.

  4. Search for your account name, select your account name from the search results, then click Next.

  5. Skip the Application (optional) page by clicking Next again.

  6. Review your selections then click Create.

2. Key Vault Access Policy #2 (Grant Microsoft Purview Access)

In this next step, we are creating a second access policy which will provide Microsoft Purview the necessary access to retrieve secrets from the Key Vault.

  1. Navigate to your Azure Key Vault resource and click Access policies.

  2. Click ➕ Create.

  3. Under Secret permissions, select Get and List. Then, click Next.

  4. Search for the name of your Microsoft Purview account (e.g. pvlab-{randomID}-pv), select the item, then click Next.

  5. Skip the Application (optional) page by clicking Next again.

  6. Review your selections then click Create.
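
The two access policies created above can be checked after the fact. The following is an added example, not part of the original lab: it audits a vault's access policies, assumed to be in the ARM Key Vault resource shape that `az keyvault show` returns, against the Get and List grant made in this section. The function name, object IDs and sample vault are constructed for illustration.

```python
# Added example: compare Key Vault access policies with the grants made in sections 1 and 2.
SCANNER_SECRET_PERMS = {"get", "list"}  # what section 2 grants Microsoft Purview
WRITE_SECRET_PERMS = {"set", "delete", "purge", "restore", "recover", "all"}


def audit_access_policies(vault, scanner_object_id):
    """Return sorted (object_id, finding) tuples for one vault.

    `vault` follows the ARM Key Vault resource shape:
    properties.accessPolicies[].permissions.{secrets,keys,certificates,storage}.
    """
    findings = []
    policies = vault.get("properties", {}).get("accessPolicies") or []
    if not any(p.get("objectId") == scanner_object_id for p in policies):
        findings.append((scanner_object_id, "no access policy: secret lookup will fail"))
    for policy in policies:
        oid = policy.get("objectId", "<unknown>")
        perms = policy.get("permissions") or {}
        # The portal may store names capitalised, so compare case-insensitively.
        secrets = {s.lower() for s in perms.get("secrets") or []}
        if oid == scanner_object_id:
            for name in sorted(SCANNER_SECRET_PERMS - secrets):
                findings.append((oid, f"missing secret permission: {name}"))
            for name in sorted(secrets - SCANNER_SECRET_PERMS):
                findings.append((oid, f"excess secret permission: {name}"))
            for kind in ("keys", "certificates", "storage"):
                if perms.get(kind):
                    findings.append((oid, f"unneeded {kind} permissions"))
        elif secrets & WRITE_SECRET_PERMS:
            # Anyone who can write secrets can change the password a scan uses.
            findings.append((oid, "can modify secrets used by scan credentials"))
    return sorted(findings)


# Constructed sample: object IDs and permission lists are made up for illustration.
USER_ID = "00000000-0000-0000-0000-00000000aaaa"
PURVIEW_ID = "00000000-0000-0000-0000-00000000bbbb"
SAMPLE_VAULT = {"properties": {"accessPolicies": [
    {"objectId": USER_ID, "permissions": {"secrets": ["Get", "List", "Set", "Delete"]}},
    {"objectId": PURVIEW_ID, "permissions": {"secrets": ["Get", "List", "Set"],
                                             "keys": ["Get"]}},
]}}

if __name__ == "__main__":
    for oid, finding in audit_access_policies(SAMPLE_VAULT, PURVIEW_ID):
        print(oid, finding)
```

A vault configured exactly as in this section produces no findings for the Microsoft Purview identity; the account from section 1 is reported because Select all lets it modify secrets.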

3. Generate a Secret

In order to securely store our Azure SQL Database password, we need to generate a secret.

  1. Navigate to Secrets and click Generate/Import.

  2. Copy and paste the values below into the matching fields and then click Create.

    Name

    sql-secret
    

    Value

    sqlPassword!
    

4. Add Credentials to Microsoft Purview

To make the secret accessible to Microsoft Purview, we must first establish a connection to Azure Key Vault.

  1. Open the Microsoft Purview Governance Portal, navigate to Management Center > Credentials, and click Manage Key Vault connections.

  2. Click New.

  3. Copy and paste the value below to set the name of your Key Vault connection, use the drop-down menus to select the appropriate Subscription and Key Vault name, and then click Create.

    Name

    myKeyVault
    

  4. Since we have already granted the Microsoft Purview managed identity access to our Azure Key Vault, click Confirm.

  5. Click Close.

  6. Under Credentials click New.

  7. Using the drop-down menus, set the Authentication method to SQL authentication and the Key Vault connection to myKeyVault. Once these are set, copy and paste the values below into the matching fields, and then click Create.

    Name

    credential-SQL
    

    User name

    sqladmin
    

    Secret name

    sql-secret
    

5. Register a Source (Azure SQL DB)

  1. Open the Microsoft Purview Governance Portal, navigate to Data map > Sources, and click Register.

  2. Search for SQL Database, select Azure SQL Database, and click Continue.

  3. Select the Azure subscription, Server name, and Collection. Click Register.

6. Scan a Source with Azure Key Vault Credentials

  1. Open the Microsoft Purview Governance Portal, navigate to Data map > Sources, and within the Azure SQL Database tile, click the New Scan button.

  2. Select your Database (e.g. pvlab-{randomID}-sqldb), set the Credential to credential-SQL, turn Lineage extraction to Off, and click Test connection. Once the connection test is successful, click Continue.

    Note: If "Test connection" appears to hang, click Cancel and retry.

  3. Click Continue.

  4. Click Continue.

  5. Set the trigger to Once, click Continue.

  6. Click Save and Run.

  7. To monitor the progress of the scan, click View Details.

  8. Click Refresh to periodically update the status of the scan. Note: It will take approximately 5 to 10 minutes to complete.

7. View Assets

  1. To view the assets that have materialised as an outcome of running the scans, perform a wildcard search by typing the asterisk character (*) into the search bar and hitting the Enter key to submit the query and return the search results.

🎓 Knowledge Check

Note: This is the same knowledge check referenced in Module 2A. If you have already completed the knowledge check from the previous module, please skip this step.

https://aka.ms/purviewlab/q02

  1. What type of object can help organize data sources into logical groups?

    A ) Buckets
    B ) Collections
    C ) Groups

  2. At which point does Microsoft Purview begin to populate the data map with assets?

    A ) After a Microsoft Purview account is created
    B ) After a Data Source has been registered
    C ) After a Data Source has been scanned

  3. Which of the following attributes is not automatically assigned to an asset as a result of the system-built scanning functionality?

    A ) Technical Metadata (e.g. Fully Qualified Name, Path, Schema, etc)
    B ) Glossary Terms (e.g. column Sales Tax is tagged with the Sales Tax glossary term)
    C ) Classifications (e.g. column ccnum is tagged with the Credit Card Number classification)

🎉 Summary

This module provided an overview of how to create a collection, register a source, and trigger a scan.
