Does the new Database Connection in Static Web Apps support User-based access?

AP Mossevig 20 Reputation points
2023-10-31T12:02:36.84+00:00

We are using the built-in authentication in Static Web Apps (SWA) to authenticate users, using Entra ID in our organization. Now we want to enable a Database Connection, but we want to have some access control as to what the users can access in that database, depending on their group membership.

Is it possible for the Database Connection to use the user identity of the logged-in user, or does the SWA always and only identify as the identity of the app?

If it's not possible to use the user context through the Database Connection, can we access this user context in our own API (linked through the API settings of the SWA)?

Azure Static Web Apps
Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
1,008 questions
0 comments No comments
{count} votes

Accepted answer
  1. Pramod Valavala 20,641 Reputation points Microsoft Employee
    2023-10-31T16:30:44.6233333+00:00

    @AP Mossevig Based on the Authorization Official Doc, looks like Data API Builder, which powers Database Connection in Static Web Apps, supports Role Based Authentication.

    With Entra ID, this translates to defining App Roles for your application and assigning users to these roles.

    Note that for User Roles, there are two conditions that need to be met for Data API Builder to follow authorization rules

    1. The role information should be populated in the token (take care of by defining App Roles in Entra)
    2. The role should be specified in the X-MS-API-ROLE header as well

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.