Azure PostgreSQL Flexi - How to add Microsoft Entra non-admin users via Portal

subhash-DBA 105 Reputation points
2024-07-26T04:23:40.0566667+00:00

Hi Team

We provision the PostgreSQL flexi instance using Terraform or via Azure Portal. While adding the Microsoft Entra admins to PostgreSQL, it by default adds them with the 'Create DB', 'Create Role' and 'azure_pg_admin' roles assigned. Is there a way we can add an MS Entra user to Postgres (from portal or Terraform) without the 'Create DB', 'Create Role' and 'azure_pg_admin' privileges? We just need to add an Entra/AAD user with minimum privileges (for example, a monitoring user who can read the states of the database/stats).

Note: We know how to do this via PostgreSQL commands, via pgaadauth_create_principal

Azure Database for PostgreSQL

Accepted answer
  1. ShaktiSingh-MSFT 15,421 Reputation points
    2024-07-26T08:07:20.19+00:00

    Hi subhash-DBA,

    Welcome to Microsoft Q&A forum.

    As I understand, you want to add Microsoft Entra Non-Admin Users via Portal.

    When you set Microsoft Entra authentication at the server level, the PGAadAuth extension is enabled and the server restarts.

    Only a Microsoft Entra administrator for PostgreSQL can initially connect to the Azure Database for PostgreSQL flexible server instance by using a Microsoft Entra account.

    The Active Directory administrator can configure subsequent Microsoft Entra database users.

    Microsoft Entra administrators that you create via the Azure portal, an API, or SQL have the same permissions as the regular admin user that you created during server provisioning. Database permissions for non-admin Microsoft Entra roles are managed similarly to regular roles.

    Follow this to create a user/role:

    https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users#create-a-userrole-using-microsoft-entra-principal-name

    Let us know if this helps or you have a different query.

    Thanks
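
The SQL route that the question and the accepted answer both refer to, as an added example that is not part of the original thread or of Microsoft's documentation. It assumes a constructed placeholder principal `monitor-user@example.com` and that membership in the built-in `pg_monitor` role is sufficient for the monitoring use case.

```sql
-- Added example. Run while connected to the "postgres" database as a
-- Microsoft Entra administrator of the flexible server.
-- 'monitor-user@example.com' is a constructed placeholder principal name.

-- 1. Map the Entra principal to a PostgreSQL role.
--    Arguments: role name, isAdmin, isMfa. Passing isAdmin = false
--    creates a non-admin role.
SELECT * FROM pgaadauth_create_principal('monitor-user@example.com', false, false);

-- 2. Grant only what a monitoring account needs (assumption: read access
--    to statistics and settings through pg_monitor is enough).
GRANT pg_monitor TO "monitor-user@example.com";

-- 3. Check the role against the admin defaults named in the question:
--    CREATEDB, CREATEROLE and membership in azure_pg_admin.
SELECT r.rolname,
       r.rolsuper,
       r.rolcreatedb,
       r.rolcreaterole,
       pg_has_role(r.rolname, 'azure_pg_admin'::name, 'MEMBER') AS in_azure_pg_admin,
       pg_has_role(r.rolname, 'pg_monitor'::name, 'MEMBER')     AS in_pg_monitor
FROM pg_roles AS r
WHERE r.rolname = 'monitor-user@example.com';

-- 4. List the non-admin Entra principals known to the server, to confirm
--    the new role appears there and not in the admin list.
SELECT * FROM pgaadauth_list_principals(false);
```

Re-running the query in step 3 as a periodic check catches a monitoring role that later picks up `azure_pg_admin` membership or the CREATEDB / CREATEROLE attributes.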

