How to use second User-Assigned Managed Identity

DAVIDE EVANGELISTI 20 Reputation points
2023-10-05T13:51:38.5966667+00:00

Hi,

I have a SQL Server and two User-Assigned Managed Identities that have different privileges.

  1. One has the Graph permissions to access AAD to create logins from there (like here: https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity?view=azuresql#permissions).
  2. The second one has access to the storage account to CREATE DATABASE SCOPED CREDENTIAL and use OPENROWSET.

User's image

This is the setup.

The problem is that only the active one (the identity set as Primary Identity) is effectively used.

How can I manage this?

  • Do I have to collapse the two identities into one?
  • Can I switch the identity used at runtime based on the task?
  • Is there a way to use the NON-primary one if the primary doesn't have sufficient permissions?

Thank you,
Davide E.

Azure SQL Database

Answer accepted by question author
  1. GeethaThatipatri-MSFT 29,587 Reputation points Microsoft Employee Moderator
    2023-10-05T20:27:42.67+00:00

    Hi @DAVIDE EVANGELISTI, welcome to Microsoft Q&A, and thanks for posting your question.

    Unfortunately, we only support one managed identity at a time. The permissions will have to be granted to the same account.

    Please let me know if you have any additional questions.

    Regards

    Geetha

    1 person found this answer helpful.
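
One way to grant both permission sets to the single identity the accepted answer calls for, using the Azure CLI. This is an added example, not part of the original thread: the three Graph permissions are those named in the linked Microsoft doc, and the storage role and every resource name passed in are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the three Graph permissions
# are the ones named in the linked Microsoft doc, and "Storage Blob Data Reader"
# is enough for the OPENROWSET reads; all resource names are the caller's own.

GRAPH_APP_ID="00000003-0000-0000-c000-000000000000"  # Microsoft Graph's well-known appId

# consolidate_identity <resource-group> <identity-name> <storage-scope>
# Grants both permission sets to one identity and prints its principal id.
consolidate_identity() {
    rg=$1; identity=$2; storage_scope=$3

    # Object id of the identity that is set as the server's primary identity.
    principal_id=$(az identity show -g "$rg" -n "$identity" --query principalId -o tsv)
    [ -n "$principal_id" ] || { echo "identity '$identity' not found" >&2; return 1; }

    # Object id of the Microsoft Graph service principal that owns the app roles.
    graph_sp_id=$(az ad sp show --id "$GRAPH_APP_ID" --query id -o tsv)

    # 1) Directory read permissions, so logins can be created from AAD.
    for perm in User.Read.All GroupMember.Read.All Application.Read.All; do
        role_id=$(az ad sp show --id "$GRAPH_APP_ID" \
            --query "appRoles[?value=='$perm'].id | [0]" -o tsv)
        [ -n "$role_id" ] || { echo "Graph app role '$perm' not found" >&2; return 1; }
        az rest --method POST \
            --uri "https://graph.microsoft.com/v1.0/servicePrincipals/$principal_id/appRoleAssignments" \
            --headers "Content-Type=application/json" \
            --body "{\"principalId\":\"$principal_id\",\"resourceId\":\"$graph_sp_id\",\"appRoleId\":\"$role_id\"}" \
            >/dev/null || return 1
    done

    # 2) Storage access on the same identity. Keep the scope to the one account
    #    (or container) the database reads from, since this identity now holds
    #    both permission sets.
    az role assignment create \
        --assignee-object-id "$principal_id" \
        --assignee-principal-type ServicePrincipal \
        --role "Storage Blob Data Reader" \
        --scope "$storage_scope" >/dev/null || return 1

    echo "$principal_id"
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then consolidate_identity "$@"; fi
```

The caller needs rights to assign Graph app roles and Azure RBAC roles; once both grants are on the primary identity, the second identity can be detached from the server.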