You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Omnia has created an Entra security group which is member of this role, and is intented to grant service principals (managed identities/app registrations) membership to this role. Adding as SP to this group is a manual process which involved sending an email to [email protected] (ref https://docs.omnia.equinor.com/governance/iam/App-Admin-Consent/).
Tasks:
Send email to [email protected] requesting the SQL server identities to be member of the Entra Group
Add information in radix-private on how to request DirectoryReader role membership.
Update readme in radix-vulnerability-scanner and radix-cost-allocation with a description on what permissions are required, and perhaps a link to radix-private, which can contain more Equinor specific details.
The text was updated successfully, but these errors were encountered:
Today the deploy-database GH actions for radix-cost-allocation and radix-vulnerability-scanner is unable to create users (CREATE USER FROM EXTERNAL PROVIDER) because the SQL Server identity is missing the DirectoryReader role, ref. https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-service-principal?view=azuresql
Omnia has created an Entra security group which is member of this role, and is intented to grant service principals (managed identities/app registrations) membership to this role. Adding as SP to this group is a manual process which involved sending an email to [email protected] (ref https://docs.omnia.equinor.com/governance/iam/App-Admin-Consent/).
Tasks:
The text was updated successfully, but these errors were encountered: