Grant Azure Managed Identity Access to Azure SQL Database

Maybe more explanation later, but for now, just this snippet:

CREATE USER [my-azure-function-app] FROM EXTERNAL PROVIDER;
EXEC sp_addrolemember 'db_owner', 'my-azure-function-app';

Assumes you have an Azure Function App called my-azure-function-app and used the Identity blade to create a System assigned identity, which was also named my-azure-function-app.
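A narrower variant of the grant above, added here as an example and not part of the original snippet. It assumes the app only needs to read and write table data, so it uses the fixed roles db_datareader and db_datawriter instead of db_owner, then queries the catalog to confirm what the identity ended up with.

```sql
-- Added example (not from the original post). Assumes the app only reads and
-- writes table data. Run it in the target database while connected with a
-- Microsoft Entra identity that is allowed to create users (for example the
-- server's Entra admin); FROM EXTERNAL PROVIDER fails under SQL authentication.

-- Create the contained user for the managed identity if it is not there yet.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'my-azure-function-app')
    CREATE USER [my-azure-function-app] FROM EXTERNAL PROVIDER;

-- Grant data access through fixed database roles instead of db_owner.
ALTER ROLE db_datareader ADD MEMBER [my-azure-function-app];
ALTER ROLE db_datawriter ADD MEMBER [my-azure-function-app];

-- If the identity was added to db_owner earlier, take it out again.
IF IS_ROLEMEMBER(N'db_owner', N'my-azure-function-app') = 1
    ALTER ROLE db_owner DROP MEMBER [my-azure-function-app];

-- Check 1: the principal exists and is an external (Entra) principal.
-- sid_as_guid can be compared with the IDs shown on the Identity blade.
SELECT name, type_desc, authentication_type_desc,
       CAST(sid AS uniqueidentifier) AS sid_as_guid
FROM sys.database_principals
WHERE name = N'my-azure-function-app';

-- Check 2: every database role the identity is a direct member of.
-- Expect db_datareader and db_datawriter only, and no db_owner row.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'my-azure-function-app'
ORDER BY r.name;
```

If the app also calls stored procedures, a scoped GRANT EXECUTE on the relevant schema covers that without going back to db_owner.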

Some other sources suggested using the Object ID of the managed identity, but I had no luck with that approach.

As for the connection string, I had some trouble finding the correct format, but it turns out you want Authentication="Active Directory Managed Identity", for something like this:

Server=tcp:my-database-server.database.windows.net,1433;Initial Catalog=MyCatalog;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication="Active Directory Managed Identity";
