Here is an example list of steps to add an Entra group with a select grant on a database schema. While some are achievable using tools like Terraform or Bicep, it feels like Azure could make this process more accessible and automated. Additionally, the existence of functions like pgaadauth_create_principal only in the cloud makes the automation testing more difficult.
In Azure Portal, Azure Database for PostgreSQL flexible server | Databases: create test database
In Azure Portal, Azure Database for PostgreSQL flexible server | Authentication | Add Microsoft Entra Admins: create MyAdAdmin user, using an existing MyAdAdmin AAD group
Connect to the postgres database using MyAdAdmin (due to https://github.com/MicrosoftDocs/azure-docs/issues/102693#issuecomment-1798118261) and create a MyAdReader user, using an existing MyAdReader AAD group
Using Admin (not MyAdAdmin), connect to test database and create a schema and add grants to MyAdReader
Using MyAdReader, connect to test database and verify the grant
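
The SQL side of the steps above (creating the MyAdReader principal, the schema grants, and the verification), as an added example that is not code from the original post. The schema name reporting and the table sample are hypothetical; pgaadauth_create_principal is called here with isAdmin and isMfa both set to false, which is an assumption about the intended role.

```sql
-- Added example. Assumed (hypothetical) names: schema "reporting", table "sample".
-- MyAdAdmin, MyAdReader, Admin and the test database are the names used in the steps.

-- Connected to the postgres database as MyAdAdmin (the Entra admin).
-- Arguments: role name (must match the Entra group's display name), isAdmin, isMfa.
SELECT * FROM pgaadauth_create_principal('MyAdReader', false, false);

-- Connected to the test database as Admin (not MyAdAdmin).
CREATE SCHEMA IF NOT EXISTS reporting;
CREATE TABLE IF NOT EXISTS reporting.sample (id int PRIMARY KEY, note text);

-- The role name is mixed case, so it must be double-quoted in GRANT statements;
-- unquoted it would be folded to lower case and the role would not be found.
GRANT USAGE ON SCHEMA reporting TO "MyAdReader";
GRANT SELECT ON ALL TABLES IN SCHEMA reporting TO "MyAdReader";

-- GRANT ... ON ALL TABLES covers only tables that exist now. Default privileges
-- cover tables created later, but only those created by the role running this
-- statement (Admin here).
ALTER DEFAULT PRIVILEGES IN SCHEMA reporting
    GRANT SELECT ON TABLES TO "MyAdReader";

-- Connected to the test database as MyAdReader (a group member signing in
-- with the group name as the user name and an Entra access token as the password).
-- Check both the read grant and the absence of write privileges.
SELECT current_user,
       has_schema_privilege(current_user, 'reporting', 'USAGE')         AS can_use_schema,
       has_table_privilege(current_user, 'reporting.sample', 'SELECT')  AS can_select,
       has_table_privilege(current_user, 'reporting.sample',
                           'INSERT, UPDATE, DELETE')                    AS can_write;
```

Because pgaadauth_create_principal exists only on the managed service, only the statements for the test database (schema, grants, verification) can be exercised against a local PostgreSQL instance, with MyAdReader created there as an ordinary role.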