Setting server roles in Azure SQL
I am setting up a new Azure SQL database server with Entra security. I am having trouble adding a user to the database manager server role.
I add the login in the master database like this:
CREATE LOGIN [email address removed for privacy reasons] FROM EXTERNAL PROVIDER
I then add the login to the server roles like this:
ALTER SERVER ROLE ##MS_DatabaseConnector## ADD MEMBER [email address removed for privacy reasons]
ALTER SERVER ROLE ##MS_DatabaseManager## ADD MEMBER [email address removed for privacy reasons]
ALTER SERVER ROLE ##MS_DefinitionReader## ADD MEMBER [email address removed for privacy reasons]
ALTER SERVER ROLE ##MS_LoginManager## ADD MEMBER [email address removed for privacy reasons]
ALTER SERVER ROLE ##MS_ServerStateManager## ADD MEMBER [email address removed for privacy reasons]
(I am creating a sysadmin login, hence all of the roles.)
There are no errors reported.
When a CREATE DATABASE is run when logged in email address removed for privacy reasons the following error is reported:
Msg 262, Level 14, State 1, Line 1
CREATE DATABASE permission denied in database ‘master’.
I have obviously left a step out, but in looking at MS and other documents, I can’t see what it is.
Thanks,
Eric.
I am setting up a new Azure SQL database server with Entra security. I am having trouble adding a user to the database manager server role. I add the login in the master database like this:CREATE LOGIN [email address removed for privacy reasons] FROM EXTERNAL PROVIDER I then add the login to the server roles like this:ALTER SERVER ROLE ##MS_DatabaseConnector## ADD MEMBER [email address removed for privacy reasons]ALTER SERVER ROLE ##MS_DatabaseManager## ADD MEMBER [email address removed for privacy reasons]ALTER SERVER ROLE ##MS_DefinitionReader## ADD MEMBER [email address removed for privacy reasons]ALTER SERVER ROLE ##MS_LoginManager## ADD MEMBER [email address removed for privacy reasons]ALTER SERVER ROLE ##MS_ServerStateManager## ADD MEMBER [email address removed for privacy reasons] (I am creating a sysadmin login, hence all of the roles.)There are no errors reported.When a CREATE DATABASE is run when logged in email address removed for privacy reasons the following error is reported:Msg 262, Level 14, State 1, Line 1CREATE DATABASE permission denied in database ‘master’. I have obviously left a step out, but in looking at MS and other documents, I can’t see what it is. Thanks,Eric. Read More