User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

Azure SQL Connection

Create a source

First, create a new data source.

  1. Navigate to Data Catalog > Sources.

  2. Select Create.

  3. Provide the following:

    • Name: The source name.

    • Description: A description of the source.

    • Deployment (Optional): Choose the deployment type.

      You can add new values if needed. See Lists of Values.
    • Stewardship: The source owner and roles. For more information, see Stewardship.

Alternatively, add a connection to an existing data source. See Connect to a Source.

Add a connection

  1. Select Add Connection.

  2. In Select connection type, choose Relational Database > MSSQL Server.

    Unlike other data sources, Azure SQL does not have its own entry in the list of relational databases. Use MSSQL Server and follow the instructions on this page to connect to the respective databases.
  3. Provide the following:

    • Name: A meaningful name for your connection. This is used to indicate the location of catalog items.

    • Description (Optional): A short description of the connection.

    • Dpe label (Optional): Assign the processing of a data source to a particular data processing engine (DPE) by entering the DPE label assigned to the engine. For more information, see DPM and DPE Configuration in DPM Admin Console.

    • JDBC: A JDBC connection string pointing to the IP address or the URL where the data source can be reached. For a list of supported sources and JDBC drivers, see Supported Data Sources.

      You can add a property to this connection string to authenticate with Azure AD Service Principle. See Azure AD Service Principal via connection string.
  4. In Spark processing, select Spark enabled if you want to process large volumes of data using your Spark cluster. This improves how ONE works with relational databases during profiling and data quality tasks.

    1. If selected, choose the Spark processing method:

      • JDBC: ONE Spark DPE creates a number of JDBC connections directly to the database to process data in parallel.

      • SPARK_CONNECTOR: ONE Spark DPE sources the data via another data provider, such as an ADLS Gen2 container or Amazon S3 bucket. This method might be faster for very large datasets.

    2. Select the Spark cluster to process your data.

      Only previously configured clusters are shown in ONE.

      To add and configure a new cluster, refer to Metastore Data Source Configuration and Metastore Connection.

  5. In Additional settings:

    • Select Enable exporting and loading of data if you want to export data from this connection and use it in ONE Data or outside of ONE.

      If you want to export data to this source, you also need to configure write credentials as well.
      Consider the security and privacy risks of allowing the export of data to other locations.

Add credentials

  1. Select Add Credentials.

  2. Choose an authentication method and proceed with the corresponding step:

These sections include references to Azure AD, which you might also know as Microsoft Entra ID.

Username and password

  1. Select Username and password.

  2. Provide the following:

    Username and password
    • Name (Optional): A name for this set of credentials.

    • Description (Optional): A description for this set of credentials.

    • Select a secret management service (optional): If you want to use a secret management service to provide values for the following fields, specify which secret management service should be used. After you select the service, you can enable the Use secret management service toggle and provide instead the names the values are stored under in your key vault. For more information, see Secret Management Service.

    • Username: The username for the data source. Alternatively, enable Use secret management service and provide the name this value is stored under in your selected secret management service.

    • Password: The password for the data source. Alternatively, enable Use secret management service and provide the name this value is stored under in your selected secret management service.

  3. If you want to use this set of credentials by default when connecting to the data source, select Set as default.

    One set of credentials must be set as default for each connection. Otherwise, monitoring and DQ evaluation fail, and previewing data in the catalog is not possible.
  4. Proceed with Test the connection.

Azure AD Service Principal via connection string

This method is supported only for version 10.2 and newer of SQL Server JDBC driver. For older versions, see Azure AD Service Principal via driver properties.
  1. In the connection details, add the property authentication=ActiveDirectoryServicePrincipal to the JDBC connection string. For example jdbc:sqlserver://at…​33;database=database-name;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;authentication=ActiveDirectoryServicePrincipal.

  2. In Credentials, select Username and password and provide the following:

    • Username: Your client_id

    • Password: Your client_secret

  3. If you want to use this set of credentials by default when connecting to the data source, select Set as default.

    One set of credentials must be set as default for each connection. Otherwise, monitoring and DQ evaluation fail, and previewing data in the catalog is not possible.
  4. Proceed with Test the connection.

Azure AD Service Principal via driver properties

This method can be used for older JDBC drivers which can’t authenticate via the connection string.
  1. Select Integrated credentials and provide the following:

    • Name (Optional): A name for this set of credentials.

    • Description (Optional): A description for this set of credentials.

  2. If you want to use this set of credentials by default when connecting to the data source, select Set as default.

    One set of credentials must be set as default for each connection. Otherwise, monitoring and DQ evaluation fail, and previewing data in the catalog is not possible.
  3. Use Add Driver property to add the following driver properties:

    Driver property name Driver property type Encrypted Value Content

    authentication

    Value

    False

    ActiveDirectoryServicePrincipal

    n/a

    AADSecurePrincipalId

    Value

    False

    <service principal client ID (UUID format)>

    n/a

    AADSecurePrincipalSecret

    Value

    True

    <service principal client secret>

    n/a

    When adding these properties in the app, the following format is used:

    Add driver properties

    In the case of the first property above you enter:

    • Driver property name: authentication

    • Driver property type: value

    • Encrypted: false

    • Value: ActiveDirectoryServicePrincipal

    Repeat this process for each of the properties in the code block. Always select Encrypted for client secrets and other sensitive information.

  4. Proceed with Test the connection.

Azure AD Managed Identity via driver properties

If you want to use Azure AD Managed Identity, Data Processing Engine (DPE) must be installed in your Azure cloud subscription on a virtual machine (VM) instance, and a Managed Role must be assigned in the Microsoft Azure Portal. To fulfill this requirement, if you are using the Cloud Portal, DPE must be installed in hybrid mode. See Hybrid Deployment.

If you have multiple DPEs running, you might need to specify additional constraints. See Constraints Configuration.

  1. Select Integrated credentials and provide the following:

    • Name (Optional): A name for this set of credentials.

    • Description (Optional): A description for this set of credentials.

  2. If you want to use this set of credentials by default when connecting to the data source, select Set as default.

    One set of credentials must be set as default for each connection. Otherwise, monitoring and DQ evaluation fail, and previewing data in the catalog is not possible.
  3. Use Add Driver property to add the following driver properties:

    Driver property name Driver property type Encrypted Value Content

    authentication

    Value

    False

    ActiveDirectoryManagedIdentity

    n/a

Azure AD Service Principal via Service Principal Certificate authentication

  1. In Credentials, select Username and password and provide the following:

    • Username: Your client_id

    • Password: Enter a value at random, this is not used in the connection.

  2. If you want to use this set of credentials by default when connecting to the data source, select Set as default.

    One set of credentials must be set as default for each connection. Otherwise, monitoring and DQ evaluation fail, and previewing data in the catalog is not possible.
  3. Use Add Driver property to add the following driver properties:

    Driver property name Driver property type Encrypted Value Content

    authentication

    Value

    False

    ActiveDirectoryServicePrincipalCertificate

    n/a

    clientCertificate

    File

    True

    n/a

    Upload your .crt file

    clientKey

    File

    True

    n/a

    Upload your .key file

    clientKeyPassword (optional)

    Value

    True

    <password>

    n/a

  4. Proceed with Test the connection.

Add write credentials

Write credentials are required if you want to export data to this source.

To configure these, in Write credentials, select Add Credentials and follow the corresponding step depending on the chosen authentication method (see Add credentials).

Make sure to set one set of write credentials as default. Otherwise, this connection isn’t shown when configuring data export.

Test the connection

To test and verify whether the data source connection has been correctly configured, select Test Connection.

If the connection is successful, continue with the following step. Otherwise, verify that your configuration is correct and that the data source is running.

Save and publish

Once you have configured your connection, save and publish your changes. If you provided all the required information, the connection is now available for other users in the application.

In case your configuration is missing required fields, you can view a list of detected errors instead. Review your configuration and resolve the issues before continuing.

Next steps

You can now browse and profile assets from your connection.

In Data Catalog > Sources, find and open the source you just configured. Switch to the Connections tab and select Document. Alternatively, opt for Import or Discover documentation flow.

Or, to import or profile only some assets, select Browse on the Connections tab. Choose the assets you want to analyze and then the appropriate profiling option.

Was this page useful?