Azure PostgreSQL Flexi - How to add Microsoft Entra non-admin users via Portal

subhash-DBA 135 Reputation points
2024-07-26T04:23:40.0566667+00:00

Hi Team

We provision the PostgreSQL flexi instance using Terraform or via the Azure Portal. While adding the Microsoft Entra admins to PostgreSQL, it by default adds them with the 'Create DB', 'Create Role' and 'azure_pg_admin' roles assigned. Is there a way we can add an MS Entra user to Postgres (from the portal or Terraform) without the 'Create DB', 'Create Role' and 'azure_pg_admin' privileges? We just need to add an Entra/AAD user with minimum privileges (for example a monitoring user who can read the states of the database/stats).

Note: We know how to do this via PostgreSQL commands, via pgaadauth_create_principal

Azure Database for PostgreSQL

Accepted answer
  1. SSingh-MSFT 16,371 Reputation points Moderator
    2024-07-26T08:07:20.19+00:00

    Hi subhash-DBA,

    Welcome to Microsoft Q&A forum.

    As I understand, you want to add Microsoft Entra Non-Admin Users via Portal.

    When you set Microsoft Entra authentication at the server level, the PGAadAuth extension is enabled and the server restarts.

    Only a Microsoft Entra administrator for PostgreSQL can initially connect to the Azure Database for PostgreSQL flexible server instance by using a Microsoft Entra account.

    The Active Directory administrator can configure subsequent Microsoft Entra database users.

    Microsoft Entra administrators that you create via the Azure portal, an API, or SQL have the same permissions as the regular admin user that you created during server provisioning. Database permissions for non-admin Microsoft Entra roles are managed similarly to regular roles.

    Follow this to create a user/role:

    https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users#create-a-userrole-using-microsoft-entra-principal-name

    Let us know if this helps or you have a different query.

    Thanks
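
What the linked procedure looks like for the monitoring user described in the question, as an added example that is not part of the original thread. It assumes a placeholder principal name `monitor@example.com`, that the predefined PostgreSQL role `pg_monitor` covers the statistics you need, and that the Entra administrator running it is permitted to grant that role on your server.

```sql
-- Added example, not from the original thread.
-- Run as a Microsoft Entra administrator, connected to the "postgres" database.
-- 'monitor@example.com' is a constructed placeholder for the Entra principal name.

-- 1. Create the database role mapped to the Entra principal.
--    Second argument (isAdmin) = false: no azure_pg_admin, CREATEDB or CREATEROLE.
--    Third argument (isMfa)    = false: MFA claim is not enforced for this role.
SELECT * FROM pgaadauth_create_principal('monitor@example.com', false, false);

-- 2. Grant read-only access to statistics views and server settings.
--    Assumption: pg_monitor is enough for the monitoring tool in use.
GRANT pg_monitor TO "monitor@example.com";

-- 3. Verify the role carries none of the admin attributes the portal would add.
--    Expected: rolcreatedb = f, rolcreaterole = f, rolsuper = f,
--              is_azure_pg_admin = f, has_pg_monitor = t.
SELECT r.rolname,
       r.rolcreatedb,
       r.rolcreaterole,
       r.rolsuper,
       pg_has_role(r.oid, 'azure_pg_admin', 'MEMBER') AS is_azure_pg_admin,
       pg_has_role(r.oid, 'pg_monitor', 'MEMBER')     AS has_pg_monitor
FROM pg_roles r
WHERE r.rolname = 'monitor@example.com';

-- 4. List every role granted directly to the principal, to catch
--    memberships added later that widen its privileges.
SELECT g.rolname AS granted_role, m.admin_option
FROM pg_auth_members m
JOIN pg_roles u ON u.oid = m.member
JOIN pg_roles g ON g.oid = m.roleid
WHERE u.rolname = 'monitor@example.com';
```

Re-running steps 3 and 4 periodically gives a simple audit of privilege drift for Entra-mapped roles.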


2 additional answers

  1. SSingh-MSFT 16,371 Reputation points Moderator
    2024-08-06T05:05:52.65+00:00

    Hi subhash-DBA,

    Thanks for the reply.

    It seems direct assignment or creation of a less privileged role does not exist in the portal.

    You can create admins and then try to give a custom role with less privilege, if that works for you.

    Also, if you want an analysis of your server and a deeper look, I would suggest you raise a support case so that the team can assist you.

    Thank you!

    1 person found this answer helpful.
