Tool to authorize a managed app identity in Azure SQL server

Files
src/AzureSqlAppIdentityAuthTool
.editorconfig
.gitattributes
.gitignore
AzureSqlAppIdentityAuthTool.sln
README.md
build.cmd

Azure SQL Managed Identity Authorization Tool

This tool authorizes a managed service identity in an Azure SQL database.

Essentially, this tool allows you to perform the following SQL statements:

CREATE USER [<identity-name>] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [<identity-name>];
ALTER ROLE db_datawriter ADD MEMBER [<identity-name>];
ALTER ROLE db_ddladmin ADD MEMBER [<identity-name>];
GO

Usage

The tool uses a connection string to connect to the Azure SQL database. It has the following form:

Server=<server-name>.database.windows.net,1433;Database=<db-name>;Encrypt=True;Authentication='Active Directory Password';User Id=<aad-user-name>;Password=<aad-password>;

Note that you have to use an Azure Active Directory user when connecting to authorize the identity.

You can optionally choose to skip adding the identity to a role by passing one (or more) of the following command line switches:

--no-datareader           (Default: false) Do not add the identity to the 'db_datareader' role.
--no-datawriter           (Default: false) Do not add the identity to the 'db_datawriter' role.
--no-ddladmin             (Default: false) Do not add the identity to the 'db_ddladmin' role.
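
To confirm what the identity actually holds after a run, the following T-SQL check can be executed in the target database; it is an added example, not part of the tool or its README. The expected-role list assumes the tool was run with --no-ddladmin, and <identity-name> is the same placeholder used above.

```sql
-- Added verification example (not the tool's own code).
DECLARE @identity sysname = N'<identity-name>';   -- placeholder: name of the managed identity

-- Assumption: the tool was run with --no-ddladmin, so only these two roles are expected.
DECLARE @expected TABLE (role_name sysname PRIMARY KEY);
INSERT INTO @expected (role_name)
VALUES (N'db_datareader'), (N'db_datawriter');

-- 1. The user must exist and be an external (Azure AD) principal, not a SQL login user.
SELECT name, type_desc, authentication_type_desc, create_date
FROM sys.database_principals
WHERE name = @identity
  AND type IN ('E', 'X');          -- E = external user, X = external group/application

-- 2. Compare the roles the identity really has against the expected set.
WITH actual AS (
    SELECT r.name COLLATE DATABASE_DEFAULT AS role_name
    FROM sys.database_role_members AS rm
    JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
    JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
    WHERE m.name = @identity
)
SELECT COALESCE(a.role_name, e.role_name) AS role_name,
       CASE WHEN a.role_name IS NULL THEN 'missing'      -- expected but not granted
            WHEN e.role_name IS NULL THEN 'unexpected'   -- granted but not expected
            ELSE 'ok'
       END AS status
FROM actual AS a
FULL OUTER JOIN @expected AS e
    ON e.role_name COLLATE DATABASE_DEFAULT = a.role_name
ORDER BY role_name;
```

A row with status 'unexpected' for db_ddladmin means the identity can change the schema; if the application does not need that, remove it with ALTER ROLE db_ddladmin DROP MEMBER [<identity-name>];.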

More information is available in the tutorial on Microsoft Docs. For integration in Azure DevOps, see my blog post.
