# Configuring Storage Account Access for Selected Virtual Networks and IP Addresses

This document outlines the steps to configure an Azure Storage Account to allow access only from selected virtual networks and IP addresses and to assign the appropriate role to a Synapse workspace.

Steps to Configure Access:<br>

### 1. Enable Access from Selected Virtual Networks and IP Addresses

1. **Navigate to the Storage Account:**

* Go to the Azure Portal.
* Select Storage Accounts from the services list.
* Click on the desired storage account to configure.

2. **Set Network Access Configuration:**

* In the left-hand menu, click on Networking.
* Under the Firewalls and Virtual Networks section:
  * Locate the Public network access setting.
  * Select Enabled from selected virtual networks and IP addresses.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXcRzlGRhxcLSwiAieXghSEyJVcz1DmZEW4gpIw9yRyAsq9OY3oQvVUP90XZeRj65i_LC2Mrke8lCWuWllu7u_09b_wzTxrYvWIva9yTgCTm9Ue_CUAgdLoMGqkJcER3U_81AHRfUg?key=BxEC62GTie1l0tzdFkWd_25H" alt=""><figcaption></figcaption></figure>

3. **Add Client IP Addresses:**

* Scroll down to the IP network rules section.
* Add the respective client IP addresses that should have access to the storage account.
* Click Save to apply the changes.

### 2. Assign Role to Synapse Workspace

1. **Navigate to Access Control (IAM):**

* Select Access Control (IAM) from the left-hand blade in the storage account menu.

2. **Add Role Assignment:**

* Click +Add → Add role assignment.
* In the Role field, search for Storage Blob Data Contributor and select it.
* Click Next.

<br>

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdj1Z0P1Us_5KfetBw319HIiajrIOE8wD0yFZ0ornXaGerhb2GvOVPWzVnO0Lct6pYEoeqRFPfqwxgBJuASB6kUnY1urcmzDX3FiiPu3Rj8lCQ8T8dQrcVCaN4WP6Lr2syP_J-mGA?key=BxEC62GTie1l0tzdFkWd_25H" alt=""><figcaption></figcaption></figure>

3. **Select Managed Identity:**

* MembersUnder Assign access to, select Managed Identity.
* Click Select Members.

4. **Choose Synapse Workspace:**

* In the Managed Identity blade, locate and select your Synapse workspace from the list of available identities.
* Once selected, click Select.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXf5WCIqAtrefn2pI3gcid9XaJwsYMF6Wuke7kCNFA4W4jNHEZDzUmOPatibwImcR3UPZMDFOI6GR7x26YlZNQ6ItUTXnDhjkQVp_oKlfZvxyTsLbgj9rqneutH9d8GWGGjbvAuM?key=BxEC62GTie1l0tzdFkWd_25H" alt=""><figcaption></figcaption></figure>

5. **Review and Assign:**

* Click Next twice to review the assignment.
* Confirm the details and click Review + Assign to complete the role assignment.

### Verification

1. Test the storage account access from the listed virtual networks and IP addresses.
2. Verify that the Synapse workspace has the appropriate permissions by accessing the Storage Blob data.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.mydbsync.com/cloud-replication-main/target-setup/azure-synapse/configuring-storage-account-access-for-selected-virtual-networks-and-ip-addresses.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.