Can't create a user on Synapse Serverless SQL Pool

Alexandre Von Mühlen 71 Reputation points
2023-06-26T20:45:47.5166667+00:00

Hi,

I'm trying to create a user or login on a Synapse Serverless SQL Pool using this code:

CREATE LOGIN [******@domain.com] FROM EXTERNAL PROVIDER;

Tried the same with USER.

I'm receiving this error message as result:

"Msg 37353, Level 16, State 1, Line 5 Server identity does not have Azure Active Directory Readers permission."

I have already given the permission AAD Readers to the server identity as it mentioned, but still same error.

Is there anything else I have to do so I'll be able to create this logins?

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,392 questions
{count} votes

1 answer

Sort by: Most helpful
  1. AnnuKumari-MSFT 34,561 Reputation points Microsoft Employee Moderator
    2023-06-27T11:12:54.9+00:00

    Hi
    Alexandre Von Mühlen
    •Thankyou for using Microsoft Q&A platform and thanks for posting your query.

    From the description of your question, it seems that you are trying to create a login and a user for serverless sql pool and you are getting an error during that process. Please let me know if that is not the case.

    Kindly make sure that you are trying to create the login using the master database while you are connected via the active directory ID. You can use the following syntax to create the login:

    CREATE LOGIN <login_name> WITH PASSWORD = '<enterStrongPasswordHere>';
    
    GO
    

    Additionally, you may also need to provide User.Read.All, GroupMember.Read.All and Application.Read.All API permissions to the user managed identity assigned to the Azure SQL Database instance

    For more details, kindly visit the following resources:

    https://learn.microsoft.com/en-us/answers/questions/1161482/login-creation-failed-while-using-service-principa?orderby=oldest

    https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity?view=azuresql#grant-permissions

    Create Login and User for Server less SQL Pool in Azure Synapse Analytics

    Hope it helps. Kindly accept the answer if it was helpful. Thankyou.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.