Share via

Permission to turn on Interactive Authoring in Azure Synapse Analytics

Jonathan Kelly 20 Reputation points
2025-06-10T19:07:05.3433333+00:00

I'm a part of team that regularly ingests external files/tables using activity pipelines. To do this I need to turn on interactive authoring. I've been given Admin access to the site, but I always have to ask my boss to activate it because for some reason I always get this error: {"error":{"code":"AuthorizationFailed","message":"The client [redacted] with object id [redacted] does not have authorization to perform action 'Microsoft.Synapse/workspaces/integrationruntimes/enableInteractiveQuery/action' over scope '/subscriptions/[redacted]/resourcegroups/[redacted]/providers/Microsoft.Synapse/workspaces/[redacted]/integrationruntimes/AutoResolveIntegrationRuntime' or the scope is invalid. If access was recently granted, please refresh your credentials."}}. Anyone have any suggestions on how I can resolve this issue?

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,357 questions
Accepted answer
  1. Chandra Boorla 13,885 Reputation points Microsoft External Staff Moderator
    2025-06-10T19:32:27.3033333+00:00

    @Jonathan Kelly

    Thanks for sharing the details of your issue.

    The error you're encountering - "AuthorizationFailed" with the message about lacking permission for Microsoft.Synapse/workspaces/integrationruntimes/enableInteractiveQuery/action indicates that your user account doesn't currently have the required Azure RBAC (Role-Based Access Control) permissions at the correct scope, even if you have "Admin" access in the Synapse Studio interface.

    To resolve this issue, you need to grant the managed identity the necessary permissions to access the resource.

    If the Synapse managed identity doesn't have permission to perform actions like pause or resume, you might encounter the error mentioned below. To fix this, assign the contributor role to the workspace's managed identity as follows: enter image description here

    Go to the IAM section of the Synapse workspace, click 'Add,' and then select 'Add role assignment' as shown below:

    enter image description here

    Go to Privileged Administrator Roles and select the Contributor role, as shown below:

    enter image description here

    Click on next select managed identity as shown below: enter image description here

    Once the role is assigned successfully, the web activity will run without any errors, and actions like pause or resume will work correctly using the REST API, as shown below:

    enter image description here

    If the issue still persists,

    The error might not be related to the user but to the application. Kindly look for application/SPN name with client ID: 'xxxxxxx-xxxxx-xxxxxx-xxxxxx'.

    Navigate to the subscription > Choose the subscription > Add Role assignment > Reader > assign to the application SPN:

    User's image

    User's image

    User's image

    I hope this information helps. Please do let us know if you have any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    Thank you.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.