Warehouse security dating
Use the "Application User" account with more limited permissions to connect from your application to the database with the least privileges needed by your application.
There are ways to further limit what a user can do with Azure SQL Data Warehouse: Managing databases and logical servers from the Azure portal or using the Azure Resource Manager API is controlled by your portal user account's role assignments.
Firewall rules are used by both the server and the database to reject connection attempts from IP addresses that have not been explicitly whitelisted.
When you encrypt your database, associated backups and transaction log files are encrypted without requiring any changes to your applications.
TDE encrypts the storage of an entire database by using a symmetric key called the database encryption key.
Creating a user in master allows a user to log in using tools like SSMS without specifying a database name.
It also allows them to use the object explorer to view all databases on a SQL server. For more information on these additional roles and authenticating to a SQL Database, see Managing databases and logins in Azure SQL Database.