Hi Adigopula, Vijaya (CORP Admin Account),
Thanks for reaching out to Microsoft Q&A.
Yes, to use a MI for auth in SQL, the MI needs to be granted appropriate permissions on the Azure SQL Database. You will need to add the MI as a user in the db and assign it the necessary roles.
Add the MI to SQL Server:
- First, retrieve the mi object ID (for a system assigned mi, this can be found in the Azure portal under the VM or app service's Identity settings).
- Then, log in to the SQL db as a user with the necessary admin privileges and run the following SQL commands to create a login and user for the managed identity
- CREATE USER [<Managed Identity Name>] FROM EXTERNAL PROVIDER;
Grant the Required Role to the MI:
- Depending on what actions the managed identity needs to perform in the SQL Database, you will need to assign it the appropriate roles. For example:
- ALTER ROLE db_datareader ADD MEMBER [<Managed Identity Name>];
- ALTER ROLE db_datawriter ADD MEMBER [<Managed Identity Name>];
Update the Connection String: Make sure you are passing the access token in your SQL connection. Your code should look something like this:
Ensure that the MI has the proper roles and permissions on the SQL db, and the conn string uses the correct server and database values!
Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.