1. The credentials have login access to all databases present on the server.
Yes, but with limitations; refer to Authorize database access to SQL Database, SQL Managed Instance, and Azure Synapse Analytics
You can't create an additional SQL login with full administrative permissions in Azure SQL Database. Only the server admin account or the Microsoft Entra admin account (which can be a Microsoft Entra group) can add or remove other logins to or from server roles. This is specific to Azure SQL Database.
2. When a new database is created, these credentials should automatically be granted roles that allow them to create users/logins, alter roles, drop users/logins, and grant/revoke access permissions within that database.
The corresponding permissions can be granted at the time of creation. For example, the appropriate security group will have the corresponding permissions.
3. It would be helpful to have clarity on the specific permissions or roles that will be assigned to these login credentials, keeping in mind the principle of least privilege.
Check the following link, which categorizes and introduces the permissions.
Azure SQL Database server roles for permission management
Tutorial: Create and utilize Microsoft Entra server logins
Best Regards,
Mikey Qiao
If you're satisfied with the answer, don't forget to "Accept it," as this will help others who have similar questions to yours.
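One way the three points above could be mapped to built-in roles, as an added example that is not part of the original answer. The group name `sg-sql-security-admins` is a hypothetical placeholder, and the role selection is an assumption based on the Azure SQL Database fixed server roles and fixed database roles, not something the answer specifies.

```sql
-- Added example. [sg-sql-security-admins] is a hypothetical Microsoft Entra group.
-- Azure SQL Database has no USE statement: open a separate connection per step.

-- Step 1: connected to the master database as the server admin or Microsoft Entra admin
-- (only these accounts can change server role membership).
CREATE LOGIN [sg-sql-security-admins] FROM EXTERNAL PROVIDER;

-- Create and delete logins on the logical server without full admin rights.
ALTER SERVER ROLE ##MS_LoginManager## ADD MEMBER [sg-sql-security-admins];
-- Connect to any database on the logical server (point 1 of the question).
ALTER SERVER ROLE ##MS_DatabaseConnector## ADD MEMBER [sg-sql-security-admins];

-- Step 2: connected to each user database, run when the database is created
-- (point 2; membership is granted per database, at creation time).
CREATE USER [sg-sql-security-admins] FROM LOGIN [sg-sql-security-admins];
ALTER ROLE db_accessadmin   ADD MEMBER [sg-sql-security-admins];  -- add/remove database users
ALTER ROLE db_securityadmin ADD MEMBER [sg-sql-security-admins];  -- custom role membership, GRANT/REVOKE/DENY

-- Step 3: in the same user database, review what the group actually holds (point 3).
SELECT m.name AS member_name,
       r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'sg-sql-security-admins'
ORDER BY r.name;
-- A db_owner row in this result is more privilege than the question asks for.
```

Members of `db_securityadmin` can manage permissions and can therefore raise their own privileges, so keep the group small and audit its activity.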