From e1c2b073d1ccc5a0b6630dc39679b5ed9b6ad219 Mon Sep 17 00:00:00 2001 From: Marc Rufer Date: Thu, 27 Feb 2025 20:16:55 +0100 Subject: [PATCH 1/2] Update authentication-azure-ad-user-assigned-managed-identity.md --- ...entication-azure-ad-user-assigned-managed-identity.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md b/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md index 551763433dd..bafdd8ccf3f 100644 --- a/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md +++ b/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md @@ -57,9 +57,12 @@ These permissions should be granted before you provision a logical server or man > [!IMPORTANT] > Only a [Privileged Role Administrator](/entra/identity/role-based-access-control/permissions-reference#privileged-role-administrator) or higher role can grant these permissions. -- [User.Read.All](/graph/permissions-reference#user-permissions): Allows access to Microsoft Entra user information. -- [GroupMember.Read.All](/graph/permissions-reference#group-permissions): Allows access to Microsoft Entra group information. -- [Application.Read.ALL](/graph/permissions-reference#application-resource-permissions): Allows access to Microsoft Entra service principal (application) information. +- [User.Read.All](/graph/permissions-reference#userreadall): Allows access to Microsoft Entra user information. +- [GroupMember.Read.All](/graph/permissions-reference#groupmemberreadall): Allows access to Microsoft Entra group information. +- [Application.Read.All](/graph/permissions-reference#applicationreadalls): Allows access to Microsoft Entra service principal (application) information. + +> [!NOTE] +> For creation of a contained database userr for a Microsoft Entra group, `Group.Read.All` permission is required additionally to the ones listed above. ### Grant permissions From ee915087073142e7c742219c9e7165c687d8b474 Mon Sep 17 00:00:00 2001 From: Van To <40007119+VanMSFT@users.noreply.github.com> Date: Thu, 27 Feb 2025 13:55:17 -0800 Subject: [PATCH 2/2] format change --- .../authentication-azure-ad-user-assigned-managed-identity.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md b/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md index bafdd8ccf3f..a77cb24bc87 100644 --- a/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md +++ b/azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md @@ -61,8 +61,7 @@ These permissions should be granted before you provision a logical server or man - [GroupMember.Read.All](/graph/permissions-reference#groupmemberreadall): Allows access to Microsoft Entra group information. - [Application.Read.All](/graph/permissions-reference#applicationreadalls): Allows access to Microsoft Entra service principal (application) information. -> [!NOTE] -> For creation of a contained database userr for a Microsoft Entra group, `Group.Read.All` permission is required additionally to the ones listed above. +To create a contained database user for a Microsoft Entra group, the `Group.Read.All` permission is required additionally to the ones listed above. ### Grant permissions