Skip to content

Files

Latest commit

v-aljev-alje
Bulk fix to change az API links from using _ to -
Mar 18, 2022
7e303ca · Mar 18, 2022

History

History
325 lines (207 loc) · 15.5 KB

share-your-data.md

File metadata and controls

325 lines (207 loc) · 15.5 KB
title description author ms.author ms.service ms.topic ms.date
Tutorial: Share outside your org - Azure Data Share
Tutorial - Share data with customers and partners using Azure Data Share
jifems
jife
data-share
tutorial
11/12/2021

Tutorial: Share data using Azure Data Share

In this tutorial, you will learn how to set up a new Azure Data Share and start sharing your data with customers and partners outside of your Azure organization.

In this tutorial, you'll learn how to:

[!div class="checklist"]

  • Create a Data Share.
  • Add datasets to your Data Share.
  • Enable a snapshot schedule for your Data Share.
  • Add recipients to your Data Share.

Prerequisites

  • Azure Subscription: If you don't have an Azure subscription, create a free account before you begin.
  • Your recipient's Azure e-mail address (using their e-mail alias won't work).
  • If the source Azure data store is in a different Azure subscription than the one you will use to create Data Share resource, register the Microsoft.DataShare resource provider in the subscription where the Azure data store is located.

Share from a storage account

  • An Azure Storage account: If you don't already have one, you can create an Azure Storage account
  • Permission to write to the storage account, which is present in Microsoft.Storage/storageAccounts/write. This permission exists in the Storage Blob Data Contributor role.
  • Permission to add role assignment to the storage account, which is present in Microsoft.Authorization/role assignments/write. This permission exists in the Owner role.

Share from a SQL-based source

Below is the list of prerequisites for sharing data from SQL source.

Prerequisites for sharing from Azure SQL Database or Azure Synapse Analytics (formerly Azure SQL DW)

  • An Azure SQL Database or Azure Synapse Analytics (formerly Azure SQL DW) with tables and views that you want to share.
  • Permission to write to the databases on SQL server, which is present in Microsoft.Sql/servers/databases/write. This permission exists in the Contributor role.
  • Azure Active Directory Admin of the SQL server
  • SQL Server Firewall access. This can be done through the following steps:
    1. In Azure portal, navigate to SQL server. Select Firewalls and virtual networks from left navigation.
    2. Select Yes for Allow Azure services and resources to access this server.
    3. Select +Add client IP. Client IP address is subject to change. This process might need to be repeated the next time you are sharing SQL data from Azure portal. You can also add an IP range.
    4. Select Save.

Prerequisites for sharing from Azure Synapse Analytics (workspace) SQL pool

    • An Azure Synapse Analytics (workspace) dedicated SQL pool with tables that you want to share. Sharing of view is not currently supported. Sharing from serverless SQL pool is not currently supported.

  • Permission to write to the SQL pool in Synapse workspace, which is present in Microsoft.Synapse/workspaces/sqlPools/write. This permission exists in the Contributor role.

  • Permission for the Data Share resource's managed identity to access Synapse workspace SQL pool. This can be done through the following steps:

    1. In Azure portal, navigate to Synapse workspace. Select SQL Active Directory admin from left navigation and set yourself as the Azure Active Directory admin.

    2. Open Synapse Studio, select Manage from the left navigation. Select Access control under Security. Assign yourself SQL admin or Workspace admin role.

    3. In Synapse Studio, select Develop from the left navigation. Execute the following script in SQL pool to add the Data Share resource Managed Identity as a db_datareader.

      create user "<share_acct_name>" from external provider;     
exec sp_addrolemember db_datareader, "<share_acct_name>";

      The <share_acc_name> is the name of your Data Share resource. If you have not created a Data Share resource as yet, you can come back to this pre-requisite later.

  • Synapse workspace Firewall access. This can be done through the following steps:

    1. In Azure portal, navigate to Synapse workspace. Select Firewalls from left navigation.
    2. Select ON for Allow Azure services and resources to access this workspace.
    3. Select +Add client IP. Client IP address is subject to change. This process might need to be repeated the next time you are sharing SQL data from Azure portal. You can also add an IP range.
    4. Select Save.

Share from Azure Data Explorer

  • An Azure Data Explorer cluster with databases you want to share.
  • Permission to write to Azure Data Explorer cluster, which is present in Microsoft.Kusto/clusters/write. This permission exists in the Contributor role.

Sign in to the Azure portal

Sign in to the Azure portal.

Create a Data Share Account

Portal

Create an Azure Data Share resource in an Azure resource group.

  1. Select the menu button in the upper-left corner of the portal, then select Create a resource (+).

  2. Search for Data Share.

  3. Select Data Share and Select Create.

  4. Fill out the basic details of your Azure Data Share resource with the following information.

    Setting Suggested value Field description
    Subscription Your subscription Select the Azure subscription that you want to use for your data share account.
    Resource group testresourcegroup Use an existing resource group or create a new resource group.
    Location East US 2 Select a region for your data share account.
    Name datashareaccount Specify a name for your data share account.

  5. Select Review + create, then Create to provision your data share account. Provisioning a new data share account typically takes about 2 minutes or less.

  6. When the deployment is complete, select Go to resource.

Azure CLI

Create an Azure Data Share resource in an Azure resource group.

Start by preparing your environment for the Azure CLI:

[!INCLUDE azure-cli-prepare-your-environment-no-header.md]

Use these commands to create the resource:

  1. Use the az account set command to set your subscription to be the current default subscription:

    az account set --subscription 00000000-0000-0000-0000-000000000000

  2. Run the az provider register command to register the resource provider:

    az provider register --name "Microsoft.DataShare"

  3. Run the az group create command to create a resource group or use an existing resource group:

    az group create --name testresourcegroup --location "East US 2"

  4. Run the az datashare account create command to create a Data Share account:

    az datashare account create --resource-group testresourcegroup --name datashareaccount --location "East US 2"

    Run the az datashare account list command to see your Data Share accounts:

    az datashare account list --resource-group testresourcegroup

PowerShell

Create an Azure Data Share resource in an Azure resource group.

Start by preparing your environment for PowerShell. You can either run PowerShell commands locally or using the Bash environment in the Azure Cloud Shell.

[!INCLUDE azure-powershell-requirements-no-header.md]

Launch Cloud Shell in a new window

Use these commands to create the resource:

  1. Use the Connect-AzAccount command to connect to your Azure account.

    Connect-AzAccount

  2. Run the Set-AzContext command to set the correct subscription, if you have multiple subscriptions.

    Set-AzContext [SubscriptionID/SubscriptionName]

  3. Run the New-AzResourceGroup command to create a resource group, or use an existing resource group:

    New-AzResourceGroup -Name <String> -Location <String>

  4. Run the New-AzDataShare command to create a Data Share account:

     New-AzDataShareAccount -ResourceGroupName <String> -Name <String> -Location <String>

    Run the Get-AzDataShareAccount command to see your Data Share accounts:

    Get-AzDataShareAccount

Create a share

Portal

  1. Navigate to your Data Share Overview page.

    Share your data

  2. Select Start sharing your data.

  3. Select Create.

  4. Fill out the details for your share. Specify a name, share type, description of share contents, and terms of use (optional).

    EnterShareDetails

  5. Select Continue.

  6. To add Datasets to your share, select Add Datasets.

    Add Datasets to your share

  7. Select the dataset type that you would like to add. You will see a different list of dataset types depending on the share type (snapshot or in-place) you have selected in the previous step. If sharing from an Azure SQL Database or Azure Synapse Analytics (formerly Azure SQL DW), you will be prompted for authentication method to list tables. Select AAD authentication, and check the checkbox Allow Data Share to run the above 'create user' script on my behalf.

    AddDatasets

  8. Navigate to the object you would like to share and select 'Add Datasets'.

    SelectDatasets

  9. In the Recipients tab, enter in the email addresses of your Data Consumer by selecting '+ Add Recipient'.

    AddRecipients

  10. Select Continue.

  11. If you have selected snapshot share type, you can configure snapshot schedule to provide updates of your data to your data consumer.

    EnableSnapshots

  12. Select a start time and recurrence interval.

  13. Select Continue.

  14. In the Review + Create tab, review your Package Contents, Settings, Recipients, and Synchronization Settings. Select Create.

Azure CLI

  1. Run the az storage account create command to create a Storage account for this Data Share:

    az storage account create --resource-group testresourcegroup --name ContosoMarketplaceAccount

  2. Use the az storage container create command to create a container inside the storage account created in the previous command:

    az storage container create --name ContosoMarketplaceContainer --account-name ContosoMarketplaceAccount

  3. Run the az datashare create command to create your Data Share:

    az datashare create --resource-group testresourcegroup \
  --name ContosoMarketplaceDataShare --account-name ContosoMarketplaceAccount \
  --description "Data Share" --share-kind "CopyBased" --terms "Confidential"

  4. Use the az datashare invitation create command to create the invitation for the specified address:

    az datashare invitation create --resource-group testresourcegroup \
  --name DataShareInvite --share-name ContosoMarketplaceDataShare \
  --account-name ContosoMarketplaceAccount --target-email "jacob@fabrikam"

PowerShell

  1. If you do not already have data you would like to share, you can follow these steps to create a storage account. If you already have storage, you may skip to step 2.

    1. Run the New-AzStorageAccount command to create an Azure Storage account:

      $storageAccount = New-AzStorageAccount -ResourceGroupName <String> -AccountName <String> -Location <String> -SkuName <String>

$ctx = $storageAccount.Context

    2. Run the New-AzStorageContainer command to create a container in your new Azure Storage account that will hold your data:

      $containerName = <String>

New-AzStorageContainer -Name $containerName -Context $ctx -Permission blob

    3. Run the Set-AzStorageBlobContent command to upload a file. The follow example uploads textfile.csv from the D:\testFiles folder on local memory, to the container you created.

      Set-AzStorageBlobContent -File "D:\testFiles\textfile.csv" -Container $containerName -Blob "textfile.csv" -Context $ctx

    For more information about working with Azure Storage in PowerShell, follow this Azure Storage PowerShell guide.

  2. Run the New-AzDataShare command to create your Data Share:

    New-AzDataShare -ResourceGroupName <String> -AccountName <String> -Name <String> -ShareKind "CopyBased" -Description <String> -TermsOfUse <String>

  3. Use the New-AzDataShareInvitation command to create the invitation for the specified address:

    New-AzDataShareInvitation -ResourceGroupName <String> -AccountName <String> -ShareName <String> -Name <String> -TargetEmail <String>

  4. Use the New-AzDataShareSynchronizationSetting command to set a synchronization recurrence for your share. This can be daily, hourly, or at a particular time.

    New-AzDataShareSynchronizationSetting -ResourceGroupName <String> -AccountName <String> -ShareName <String> -Name <String> -RecurrenceInterval <String> -SynchronizationTime <DateTime>

Your Azure Data Share has now been created and the recipient of your Data Share is now ready to accept your invitation.

Clean up resources

When the resource is no longer needed, go to the Data Share Overview page and select Delete to remove it.

Next steps

In this tutorial, you learned how to create an Azure Data Share and invite recipients. To learn about how a Data Consumer can accept and receive a data share, continue to the accept and receive data tutorial.

[!div class="nextstepaction"] Tutorial: Accept and receive data using Azure Data Share