访问多个数据库 Azure SQL
[英]Access multiple database in Azure SQL
问题描述
I have created 2 azure security groups (Read-SQL and the second is Write-SQL) in order for them to login into multiple Azure SQL servers via SSMS using their Azure AD identity based on their group membership in order to access multiple databases on those services.
我创建了 2 个 azure 安全组(Read-SQL,第二个是 Write-SQL),以便他们通过 SSMS 使用基于其组成员身份的 Azure AD 身份登录多个 Azure SQL 服务器,以便访问这些服务器上的多个数据库服务。
First of all I have configured an admin group on the SQL Server in our Azure tenant.首先,我在 Azure 租户的 SQL 服务器上配置了一个管理员组。
I have connected to the SQL via SSMS using my credentials and so far so good.我已经使用我的凭据通过 SSMS 连接到 SQL,到目前为止一切顺利。
After that I opened a query and typed in master database之后我打开一个查询并输入 master 数据库
CREATE USER [SQL-READ] FROM external provider
ALTER ROLE db_datareader ADD MEMBER [SQL-READ];
(Did the same thing for Write-SQL) (对 Write-SQL 做了同样的事情)
only the user is created and no permission given with an error saying the user does not exist or I don't have permission.只创建了用户,没有给出权限,错误提示用户不存在或我没有权限。
I have Azure global administrator permission in Azure and I don't know why I get this error.我在 Azure 有 Azure 全局管理员权限,不知道为什么会报这个错。
In the bottom line I would like that Read-SQL and Write-SQL will be able to login in to the SQL Server and have access to all databases within it as well as giving Read-SQL reading permissions and to Write-SQL writing permission.最后,我希望 Read-SQL 和 Write-SQL 能够登录到 SQL 服务器并访问其中的所有数据库,并授予 Read-SQL 读取权限和 Write-SQL 写入权限。
I read a few Microsoft articles but I got even more confused since I don't know if I need to create a login or create a user or a contained user.我阅读了一些 Microsoft 文章,但我变得更加困惑,因为我不知道我是否需要创建登录名或创建用户或包含的用户。
Please help请帮忙
Thank you谢谢
Here are few screenshots for better understanding这里有一些截图可以更好地理解
enter image description here在此处输入图像描述
enter image description here在此处输入图像描述
Read the following articles but only partial success.阅读以下文章但仅部分成功。
https://www.mssqltips.com/sqlservertip/6751/azure-ad-authentication-azure-sql-databases/ https://www.mssqltips.com/sqlservertip/6751/azure-ad-authentication-azure-sql-databases/
https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-powershell#create-contained-users-mapped-to-azure-ad-identities https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?view=azuresql&tabs=azure-powershell#create-contained-users-mapped-to-azure-ad-身份
https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview?view=azuresql https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview?view=azuresql
https://learn.microsoft.com/en-us/sql/relational-databases/security/contained-database-users-making-your-database-portable?view=sql-server-ver16 https://learn.microsoft.com/en-us/sql/relational-databases/security/contained-database-users-making-your-database-portable?view=sql-server-ver16
1 个解决方案
解决方案1
0 2023-02-01 20:04:28
Whether you should create a login, user or contained user will depend on your access and security requirements.您是否应该创建登录名、用户或包含的用户将取决于您的访问和安全要求。 However, in Azure SQL Database, users are created per database.但是,在 Azure SQL 数据库中,用户是按数据库创建的。 So, you can create the login in the master database and then you need to create the associated user in each database on that SQL Server.因此,您可以在 master 数据库中创建登录名,然后您需要在该 SQL 服务器上的每个数据库中创建关联用户。
This documentation gives more information on creating logins, users and contained users for Azure SQL Database. 本文档提供了有关为 Azure SQL 数据库创建登录名、用户和包含用户的更多信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.