I'm trying to set up an authentication using Azure AD to login to DWH.
Let's say i have an directory called target.onmicrosoft.com
I have 2 external user who was already invited to this directory (user1@gmail.com, user2@gmail.com)
For user1@gmail.com, i gave him Owner permission on subscription scope using RBAC.
For user2@gmail.com, i only gave Reader permission on subscription scope using RBAC.
From DWH AD admin portal, i set user1@gmail.com as admin. In other words, Active Directory admin of DWH is user1@gmail.com
Also, the real administrator user of DWH is another user, let's call it topmanager .
First of all, i login to DWH using topmanager and tried to create AAD user CREATE USER [user2@gmail.com] FROM EXTERNAL PROVIDER;
But it said: Only connections established with Active Directory accounts can create other Active Directory users.
So i had to login using user1@gmail.com credential (since user1 already added as AAD admin). Also I couldn't login with user2 credential.
Now i executed the same query
CREATE USER [user1@gmail.com] FROM EXTERNAL PROVIDER;
And got error: Principal 'user1@gmail.com' could not be found or this principal type is not supported.
My final intention is to give user1 full permission on DWH and schema-based full permission for user2.
Use GRANT permissions within the data warehouse. Here's a good overview:
This example does exactly what you ask:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.