Share via

Ability to grant admin user ADMIN option in Azure PostgreSQL Flexible Server version 16

Yichen Tian 0 Reputation points
2024-06-26T23:13:59.75+00:00

I have created a new flexible server at version 16 with 2 admins:

  • Postgres admin called "adminuser"
  • Microsoft Entra admin called "entraadmin" (visible at Security - Authentication on portal)

My use case is to transfer ownership of a database from entraadmin to adminuser.

When running

GRANT "adminuser" TO "entraadmin"

I got an error:

ERROR: permission denied to grant role "adminuser"

DETAIL: Only roles with the ADMIN option on role "adminuser" may grant this role.

The workaround that I got from related questions is that I need to create a user, grant that adminuser, and transfer ownership to that user.

Is there a way to directly give "entraadmin" ADMIN option on role "adminuser"?

Thank you for your help in advance!

Azure Database for PostgreSQL

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GeethaThatipatri-MSFT 28,852 Reputation points Microsoft Employee
    2024-06-28T15:11:44.5266667+00:00

    @Yichen Tian "Apologies for the inconvenience. I have checked internally and confirmed that we are aware of the issue. Our team is actively working on a fix, but we do not have an estimated time of resolution yet."

    Here is the workaround by having the postgresql adminuser reassign it's ownerships to a new role created by it with ADMIN option and then grant this new role to Entra users. It's quite a bit of juggling especially if you have many tables/databases on the server.

    I hope the workaround should help you.

    Regards

    Geetha