Issue with managing admin users in Azure SQL Server PaaS
Database-level admins
Though they can manage both users and objects within their own database, they do not have sufficient privileges to manage other admin users: the server admin and the Entra ID admin are set at the logical server level, outside any database.
Utilizing an Entra ID admin for managing admin users
- Create a DBA group in Entra ID (formerly Azure Active Directory).
- Assign the group as the Entra ID admin for the SQL Server instance.
- Add administrators to the Entra ID group; membership of that group is then what grants or revokes admin rights.
Issue: Entra ID authentication can only be used with a publicly resolvable fully qualified domain name for the server.
Solution 1: enable/disable public network access only while managing admins
- Entra ID admins are not permitted access to any of the databases that contain protected data.
- Entra ID admins may not grant themselves access to databases that contain protected data.
- Enable public network access on the SQL Server instance; this allows use of the Azure-provided FQDN (<server>.database.windows.net). Server firewall rules still apply while it is enabled, so restrict them to the administrator's source address.
- Manage admin users as needed.
- Disable public network access on the SQL Server instance again, even if the admin change failed, so the window stays as short as possible.
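The DBA-group procedure and Solution 1 as an Azure CLI script. This is an added example, not code from the original notes; the resource group, server name, group name and object ids are placeholder assumptions, and `az` is assumed to be logged in with rights on both the Entra tenant and the logical server. Public network access is enabled only for the duration of one admin change and is disabled again even when that change fails.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): Azure CLI commands for the
# DBA-group procedure and for Solution 1 (public network access is enabled
# only while an admin change runs).
# Assumptions: RG, SERVER and DBA_GROUP are placeholder names; `az` is already
# logged in with rights to manage the Entra tenant and the logical server.
set -eu

RG="${RG:-rg-sql-prod}"                  # assumed resource group
SERVER="${SERVER:-sql-prod-01}"          # assumed logical SQL server name
DBA_GROUP="${DBA_GROUP:-sql-dba-admins}" # assumed Entra ID group name
DRY_RUN="${DRY_RUN:-0}"                  # 1 = print commands instead of running them

# run: execute an az command, or print it when DRY_RUN=1 (for review/testing)
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1: create the DBA group in Entra ID (the API requires a mail nickname)
create_dba_group() {
  run az ad group create --display-name "$DBA_GROUP" --mail-nickname "$DBA_GROUP"
}

# Step 2: make the group the server's Entra ID admin.
# $1 = object id of the group:
#   az ad group show --group "$DBA_GROUP" --query id -o tsv
set_entra_admin() {
  run az sql server ad-admin create --resource-group "$RG" --server-name "$SERVER" \
    --display-name "$DBA_GROUP" --object-id "$1"
}

# Step 3: add an administrator to the group.
# $1 = object id of the user:
#   az ad user show --id dba@contoso.example --query id -o tsv
add_dba() {
  run az ad group member add --group "$DBA_GROUP" --member-id "$1"
}

# Solution 1: toggle public network access on the logical server ($1 = true|false).
# Server firewall rules still apply while it is enabled.
set_public_access() {
  case "$1" in
    true|false) ;;
    *) echo "set_public_access: expected true or false, got '$1'" >&2; return 1 ;;
  esac
  run az sql server update --resource-group "$RG" --name "$SERVER" \
    --enable-public-network "$1"
}

# Run one admin-management command with public access enabled only while it runs.
# Access is disabled again even if the command fails, and its exit code is kept.
with_public_access() {
  set_public_access true
  rc=0
  "$@" || rc=$?
  set_public_access false
  return "$rc"
}

# Usage: manage-sql-admins.sh <user-object-id>   (DRY_RUN=1 prints the commands)
if [ "$#" -ge 1 ]; then
  with_public_access add_dba "$1"
fi
```

Run it once with `DRY_RUN=1` to review the exact commands before executing them; the one-time setup (`create_dba_group`, `set_entra_admin`) is also wrapped in `with_public_access` when it has to reach the server.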
Solution 2: provide a resolvable fully qualified domain name that maps to our internal subnet.
- This solution gives Entra ID admins full access without having to enable public access to the database.
- In Azure this is done with a private endpoint for the logical server plus the privatelink.database.windows.net private DNS zone linked to the VNet: clients keep using <server>.database.windows.net, which resolves to the endpoint's private IP from inside the network.
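Solution 2 as an Azure CLI script. This is an added example, not code from the original notes; the resource group, server, VNet and subnet names are placeholder assumptions, the VNet and subnet are assumed to exist already, and `az` is assumed to be logged in with rights on the resource group. The final helper is a check to run from inside the VNet that the public name now resolves to a private address.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): Azure CLI commands that give the
# server an internally resolvable FQDN (Solution 2) using a private endpoint
# and the privatelink.database.windows.net private DNS zone.
# Assumptions: RG, SERVER, VNET and SUBNET are placeholder names; the VNet and
# subnet already exist and `az` is logged in with rights on the resource group.
set -eu

RG="${RG:-rg-sql-prod}"                 # assumed resource group
SERVER="${SERVER:-sql-prod-01}"         # assumed logical SQL server name
VNET="${VNET:-vnet-internal}"           # assumed virtual network
SUBNET="${SUBNET:-snet-data}"           # assumed subnet for the private endpoint
ZONE="privatelink.database.windows.net" # Azure's private DNS zone for SQL
DRY_RUN="${DRY_RUN:-0}"                 # 1 = print commands instead of running them

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The public FQDN stays the client-facing name (so Entra ID logins are unchanged);
# inside the VNet it CNAMEs to the privatelink record, which the zone maps to a
# private IP.
public_fqdn()  { printf '%s.database.windows.net\n' "$SERVER"; }
private_fqdn() { printf '%s.%s\n' "$SERVER" "$ZONE"; }

# 1. Private endpoint for the logical server (sub-resource group id "sqlServer").
# $1 = ARM resource id of the server:
#   az sql server show --resource-group "$RG" --name "$SERVER" --query id -o tsv
create_private_endpoint() {
  run az network private-endpoint create --resource-group "$RG" --name "pe-$SERVER" \
    --vnet-name "$VNET" --subnet "$SUBNET" --private-connection-resource-id "$1" \
    --group-id sqlServer --connection-name "pe-$SERVER-conn"
}

# 2. Private DNS zone, linked to the VNet (no auto-registration needed).
create_private_dns_zone() {
  run az network private-dns zone create --resource-group "$RG" --name "$ZONE"
  run az network private-dns link vnet create --resource-group "$RG" --zone-name "$ZONE" \
    --name "link-$VNET" --virtual-network "$VNET" --registration-enabled false
}

# 3. Let the endpoint manage its own A record in the zone.
link_endpoint_to_zone() {
  run az network private-endpoint dns-zone-group create --resource-group "$RG" \
    --endpoint-name "pe-$SERVER" --name default --private-dns-zone "$ZONE" --zone-name sql
}

# Check from inside the VNet that the public name resolves to an RFC 1918
# address rather than the Azure gateway address, e.g.:
#   resolves_privately "$(dig +short "$(public_fqdn)" | tail -n 1)"
resolves_privately() {  # $1 = resolved IPv4 address
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}
```

Because the name in the connection string never changes, no public network access has to be opened for the Entra ID admins; the only thing that differs between inside and outside the network is which address the name resolves to.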