Azure Analysis Services presents opportunities for the automation of administrative tasks including server provisioning, scale up/down, pause/resume, model management, data refresh, deployment, among others. This can leverage cloud efficiencies and helps ensure the repeatability and reliability of mission-critical systems.
Such tasks can be performed in the Azure cloud using PowerShell in unattended mode. Services such as Azure Automation exist to support these processes. They should be executed using service principals for enhanced security and ease of management. Service principals are similar to on-premises service accounts, but for Azure. They use credentials in the form of an application ID along with a password or certificate. Model permissions are assigned to service principals through role membership like normal Azure Active Directory UPN accounts.
Creation of service principals
Learn more about how to create service principals in the Azure Portal, and how to create service principals in PowerShell either with a password or certificate.
Once the service principal is created, its application ID can be assigned permissions in the Azure Analysis Services server or model roles using the following syntax. The example below adds a service principal to the server administrators group in SSMS.
The application can be selected in SSMS using the account picker by searching for its name.
Execution of administrative tasks with PowerShell and service principals
The following example shows how to log in using a service principal application ID and password, and how to process (data refresh) a table in a model.
Note that the login cmdlet used is Login-AzureAsAccount, not Login-AzureRsAccount. The former should be used for Azure Analysis Services database-level operations such as those enabled by the Analysis Services cmdlets in the SqlServer PowerShell module. The latter should be used for Azure resource management operations such as those enabled by the AzureRM.AnalysisServices PowerShell module.
The following example shows how to log in using a service principal application ID and self-signed certificate, and how to process (data refresh) a table in a model.