Grant db_read access to my service principle

Iris Dijkstra 0 Reputation points
2023-11-03T16:24:52.3+00:00

Hi!

I'm using power automate to automate a task. In order to make this task working I want to give my service principle read permission on the database (I prefer to do this only on a specific table).

However, if I try to give RBAC permissions on sql-server/db, i only get the predescribed roles. Its also not possible to do this with PowerShell scripts.

I guess I need to fix it from DB side, but I dont know where to start. Could someone give me advise?

Thanks!

Azure SQL Database
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,459 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Nandan Hegde 32,026 Reputation points MVP
    2023-11-03T16:57:55.8766667+00:00

    Hey,

    You need to login in within the Azure SQL Database via an AD account that has DB_owner role.

    Then execute the below commands :

    Create user [<<SPName>>] from External provider

    Grant [<<SPname>>] Select on <<TableNm>> --in case if access on specific table

    If read access on entire DB :

    EXEC sp_addrolemember 'db_datareader', '<<spname>>';

    https://azureops.org/articles/grant-access-to-azure-sql-database/#:~:text=Navigate%20to%20Azure%20SQL%20database,will%20select%20the%20admin%20account.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.