Forum Discussion
eddie89
Feb 25, 2023Copper Contributor
How to assign multiple user-managed-identities to Azure Web App depending on the AD user
I have a single Azure Web App that connects back to Azure Flexible Postgres using AD authentication. I've managed to add the AD Administrator to Postgres and add two user managed identities as Po...
- Mar 07, 2023User-Managed-Identities are for applications to use when connecting to resources that support Azure AD authentication. They should not be directly manipulated by AAD Users (User objects) themselves. Applications use managed identities to obtain Azure AD tokens without having to manage any credentials, unlike Users who can manage their own credentials directly. What you should be leveraging are role-based access controls and I would suggest looking at creating custom roles if the out-of-box role based access control permissions don't meet what you are looking for. However, since this is more within the Postgres DB itself, you would be best served utilizing DB roles within Postgres itself: https://www.postgresql.org/docs/current/user-manag.html
ergolpe
Microsoft
Mar 07, 2023User-Managed-Identities are for applications to use when connecting to resources that support Azure AD authentication. They should not be directly manipulated by AAD Users (User objects) themselves. Applications use managed identities to obtain Azure AD tokens without having to manage any credentials, unlike Users who can manage their own credentials directly. What you should be leveraging are role-based access controls and I would suggest looking at creating custom roles if the out-of-box role based access control permissions don't meet what you are looking for. However, since this is more within the Postgres DB itself, you would be best served utilizing DB roles within Postgres itself: https://www.postgresql.org/docs/current/user-manag.html