Which three actions should you perform in sequence?

Posted by: Pdfprep Category: 70-765 Tags: , ,

DRAG DROP

A new Azure Active Directory security principal named [email protected] should have access to select all current and future objects in the Reporting database. You should not grant the principal any other permissions. You should use your Active Directory Domain Services (AD DS) account to authenticate to the Azure SQL database.

You need to create the new security principal.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Step 1:

To provision an Azure AD-based contained database user (other than the server administrator that owns the database), connect to the database (here the Reporting database) with an Azure AD identity (not with a SQL Server account) that has access to the database.

Step 2: CREATE USER … FROM EXTERNAL PROVIDER

To create an Azure AD-based contained database user (other than the server administrator that owns the database), connect to the database with an Azure AD identity, as a user with at least the ALTER ANY USER permission. Then use the following Transact-SQL syntax:

CREATE USER <Azure_AD_principal_name>

FROM EXTERNAL PROVIDER;

Step 3:

Grant the proper reading permissions.

References: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication

Leave a Reply

Your email address will not be published.