AAD in Azure SQL with multiple groups within a single database

Christian 26 Reputation points
2022-07-22T11:19:40.273+00:00

The idea is to use an AAD group as admin and then create an AAD group in the Azure database as shown:
"CREATE USER [aad-group] FROM EXTERNAL PROVIDER"

Afterward, remove the AAD group as admin and use the AAD group I added above to log in.
It seems that when I do it, my SQL server gets rolled back and the AD group does not exist.

The point is to have my client add new members to the AAD group and give them access to the database/table within Azure SQL.

Azure SQL Database
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Developer technologies | Transact-SQL

Answer accepted by question author
  1. Bjoern Peters 8,921 Reputation points
    2022-07-22T13:52:38.96+00:00

    Sorry to say that, but "this is not how it works" ;-)

    That user "Azure Active Directory Admin" is "only" used to connect to your AAD to read/check your AAD; without that user the SQL Server won't be able to connect to your AAD, so it won't be able to link any AAD-User or group to your SQL Server.

    For example, you create a user for those tasks like yourdomain\svc.sqlserveraad; that user has read access to your AAD, and you configure your SQL Server to use this user as "Azure Active Directory Admin." You create/link that customer-admin-group in your database and grant them their permissions.
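
The last step of the accepted answer (link the group in the database and grant it permissions) could look like the T-SQL below. This is an added example, not code from the original thread; the group name `customer-db-readers`, the role `orders_reader` and the table `dbo.Orders` are hypothetical, and it assumes you are connected to the user database with Azure AD authentication as the configured Azure Active Directory admin, which stays in place.

```sql
-- Added example: [customer-db-readers], orders_reader and dbo.Orders are
-- hypothetical names. Run in the user database (not master) while connected
-- with Azure AD authentication as the server's Azure Active Directory admin.

-- 1. Map the AAD group to a contained database user.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'customer-db-readers')
    CREATE USER [customer-db-readers] FROM EXTERNAL PROVIDER;

-- 2. Attach permissions to a database role rather than to the group user,
--    so the grant can be reviewed and revoked in one place.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'orders_reader' AND type = 'R')
    CREATE ROLE orders_reader;

GRANT SELECT ON OBJECT::dbo.Orders TO orders_reader;  -- table-level, least privilege

ALTER ROLE orders_reader ADD MEMBER [customer-db-readers];

-- 3. Verify the mapping: AAD users show type 'E', AAD groups show type 'X'.
SELECT name, type_desc, authentication_type_desc
FROM sys.database_principals
WHERE type IN ('E', 'X');

-- 4. Verify what the group receives through its role memberships.
SELECT m.name AS group_user,
       r.name AS role_name,
       perm.permission_name,
       perm.state_desc,
       OBJECT_SCHEMA_NAME(perm.major_id) + '.' + OBJECT_NAME(perm.major_id) AS securable
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
LEFT JOIN sys.database_permissions AS perm
       ON perm.grantee_principal_id = r.principal_id
      AND perm.class = 1                               -- object-level grants only
WHERE m.type = 'X';
```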

