Skip to content

Add a user to the NCC Portal

Learn how to grant user access and assign roles in the NCC Portal.

Prerequisites

Adding Fabric Pipeline Connection

Due to current Authentication method restrictions in Microsoft Fabric there is one Connection that must be manually added named CON_NCC_FABRICPIPELINES.

This can be done easily by following the steps:

  • Go to all connections
  • Click on + New
  • Click on Cloud
  • Add the following configuration:
    • Connection name: CON_NCC_FABRICPIPELINES
    • Connection type: Fabric Data Pipelines
    • Authentication method: OAuth 2.0
    • Log in with your admin account
  • Save the connection

User self-service access

Users can activate their own access by following these steps:

  1. Open the Nitrogen Portal.

    User self-service step 1

  2. Follow the prompts to complete sign-in.

    User self-service step 2

NOTE
Users may be logged in automatically. If access is not active, sign out and sign in again.

Logging Workspace

You have to go to the Tenant Settings - Logging tab. Here you need to configure the logging workspace if it has not been set up.

NOTE
You must be a Fabric Admin to set up or edit logging.

When you follow the setup a new Workspace NCC_Logging is created with a Warehouse named WH_Log. Here you need to do to the following manual steps:

  • Add the sg-ncc-service group with the Service Principal to the Workspace with Admin roles.

  • Create a logging schema: 

    CREATE SCHEMA [logging]

  • Create PipelineExecution table: 

    CREATE TABLE [WH_Log].[logging].[PipelineExecution]
(
    [WorkspaceGuid] [uniqueidentifier] NULL,
    [PipelineRunGuid] [uniqueidentifier] NULL,
    [PipelineParentRunGuid] [uniqueidentifier] NULL,
    [PipelineGuid] [uniqueidentifier] NULL,
    [PipelineName] [varchar](100) NULL,
    [PipelineParameters] [varchar](8000) NULL,
    [PipelineProcessGuid] [uniqueidentifier] NULL,
    [EntityGuid] [uniqueidentifier] NULL,
    [EntityLayer] [varchar](50) NULL,
    [TriggerType] [varchar](50) NULL,
    [TriggerGuid] [uniqueidentifier] NULL,
    [TriggerTime] [datetime2](6) NULL,
    [LogType] [varchar](50) NULL,
    [LogDateTime] [datetime2](6) NULL,
    [LogData] [varchar](8000) NULL
)

  • Create sp_AuditPipeline Stored Procedure: 

    CREATE PROCEDURE [logging].[sp_AuditPipeline]
    @PipelineGuid UNIQUEIDENTIFIER = NULL
    ,@PipelineProcessGuid UNIQUEIDENTIFIER = NULL
    ,@PipelineName VARCHAR(100) = NULL
    ,@PipelineRunGuid UNIQUEIDENTIFIER = NULL
    ,@PipelineParentRunGuid UNIQUEIDENTIFIER = NULL
    ,@PipelineParameters VARCHAR(8000) = NULL
    ,@TriggerType VARCHAR(50) = NULL
    ,@TriggerGuid UNIQUEIDENTIFIER = NULL
    ,@TriggerTime datetime = NULL
    ,@LogData VARCHAR(8000) = NULL
    ,@LogType varchar(50) --Choice between Start/End/Fail, based on this Type the correct execution will be done
    ,@WorkspaceGuid UNIQUEIDENTIFIER = NULL
    ,@EntityGuid UNIQUEIDENTIFIER = NULL
    ,@EntityLayer varchar(50) = NULL
AS
    INSERT INTO [logging].[PipelineExecution]
        ([PipelineProcessGuid]
        ,[PipelineRunGuid]
        ,[PipelineParentRunGuid]
        ,[PipelineGuid]
        ,[PipelineName]
        ,[PipelineParameters]
        ,[TriggerType]
        ,[TriggerGuid]
        ,[TriggerTime]
        ,[LogDateTime]
        ,[LogType]
        ,[LogData]
        ,[WorkspaceGuid]
        ,[EntityGuid]
        ,[EntityLayer]
            )
    VALUES (
        @PipelineProcessGuid,
        @PipelineRunGuid,
        @PipelineParentRunGuid,
        @PipelineGuid,
        @PipelineName,
        @PipelineParameters,
        @TriggerType,
        @TriggerGuid,
        @TriggerTime,
        getdate(),
        @LogType,
        @LogData,
        @WorkspaceGuid,
        @EntityGuid,
        @EntityLayer
        )

  • Create sp_SetPipelineProcessGuid Stored Procedure: 

    CREATE PROCEDURE [logging].[sp_SetPipelineProcessGuid]
    @PipelineProcessGuid UNIQUEIDENTIFIER = NULL
    ,@PipelineRunGuid UNIQUEIDENTIFIER = NULL
AS

UPDATE [logging].[PipelineExecution]
SET PipelineProcessGuid = @PipelineProcessGuid
WHERE PipelineRunGuid = @PipelineRunGuid

Updating the Tenant Variables

Now all workspaces are created that are needed for the tenant variables we can update the last Tenant Variables that are not yet set:

Variable Name Value Description
key_vault ncc-prd-we-*** Name of the key vault in the Azure environment used for storing the secrets
You can find the keyvault when you go to the Azure Portal and select the subscription you have deployed NCC into.
log_ncc_client_id_secret_name InSparkNitrogenControlCenter--ClientId Name of the secret in which the client ID is stored that allows the process to access the NCC API
In the keyvault above there are the secrets you can reuse for the logging service principal
log_ncc_client_secret_secret_name InSparkNitrogenControlCenter--ClientSecret Name of the secret in which the client secret is stored that allows the process to access the NCC API
In the keyvault above there are the secrets you can reuse for the logging service principal
log_ncc_database WH_Log Name of the warehouse where logging is stored
log_ncc_warehouse_endpoint * - *.datawarehouse.fabric.microsoft.com SqlServerName (URL) of the logging warehouse
Copy SQL connection string
log_ncc_warehouse_guid x0x0x000-x0x0-0000-0xx0-0x0xx00xx00x GUID of the logging warehouse
Go to your WH_Log and take part 2 in the screenshot Warehouse Guid
log_ncc_workspace_guid x0x0x000-x0x0-0000-0xx0-0x0xx00xx00x GUID of the logging workspace
Go to your WH_Log and take part 1 in the screenshot Warehouse Guid

Next steps