Hi everyone,
I am facing a strange issue dealing with those server roles in my Azure DB environment when using a login derived from an AAD Group (Microsoft Entra) for low-privileged activities (such as creating DBs and deploying changes to them).
It does work when I am using a simple SQL Login but does not work with AAD Groups.
For example, if I add an AAD Login (Group) to ##MS_DatabaseConnector##, I am not able to log in to a virtual server and get the following error: Login failed for user '<token-identified principal>'. (Framework Microsoft SqlClient Data Provider)
Script is very trivial:
-- Create a server-level login for the Entra (AAD) group in the master database
CREATE LOGIN [SG-User] FROM EXTERNAL PROVIDER;
GO
-- Add the group login to the fixed server role ##MS_DatabaseConnector##
ALTER SERVER ROLE ##MS_DatabaseConnector## ADD MEMBER [SG-User];
GO
I know it is possible to use another way to grant access via users in the master DB and adding them to specific master roles, but I would like to make it work according to the Microsoft recommendation, where those new Server Roles are the right way to go (for ).
Can someone please point me in the right direction, or tell me if this is a known issue?
So far I have not been able to locate similar issues on the web.
Thank you
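A diagnostic check for the setup described in the post, added here as an example and not part of the original post: it is run in the master database of the logical server and confirms, from the catalog views, whether the Entra group login exists and whether the role membership actually took effect. The login name [SG-User] is taken from the post; the principal type codes are assumed to be the standard ones ('E' for an external user, 'X' for an external group).

```sql
-- Added diagnostic, not part of the original post. Run in the master database
-- of the logical server with an administrator login.

-- 1. Does the Entra principal exist at server level, and with which type?
--    Expected type: 'X' (external group) for a group created FROM EXTERNAL PROVIDER.
SELECT name, type, type_desc, create_date
FROM sys.server_principals
WHERE name = N'SG-User';

-- 2. Is that principal a member of the fixed server role ##MS_DatabaseConnector##?
SELECT r.name AS role_name,
       m.name AS member_name,
       m.type_desc AS member_type
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'##MS_DatabaseConnector##';

-- 3. For comparison, list every member of all ##MS_*## server roles, so a SQL
--    login that works can be checked side by side with the Entra group that fails.
SELECT r.name AS role_name,
       m.name AS member_name,
       m.type_desc AS member_type
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name LIKE N'##MS_%##'
ORDER BY r.name, m.name;
```

If query 2 returns no row for SG-User, the ALTER SERVER ROLE statement did not take effect and that is where to look; if the row is present and the connection still fails with the token-identified principal error, the role membership itself is not the cause.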