ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-765 All Questions

View all questions & answers for the 70-765 exam
Go to Exam

Exam 70-765 topic 2 question 11 discussion

Actual exam question from Microsoft's 70-765
Question #: 11
Topic #: 2
[All 70-765 Questions]

DRAG DROP -
A new Azure Active Directory security principal named [email protected] should have access to select all current and future objects in the
Reporting database. You should not grant the principal any other permissions. You should use your Active Directory Domain Services (AD DS) account to authenticate to the Azure SQL database.
You need to create the new security principal.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Step 1:
To provision an Azure AD-based contained database user (other than the server administrator that owns the database), connect to the database (here the
Reporting database) with an Azure AD identity (not with a SQL Server account) that has access to the database.
Step 2: CREATE USER ... FROM EXTERNAL PROVIDER
To create an Azure AD-based contained database user (other than the server administrator that owns the database), connect to the database with an Azure AD identity, as a user with at least the ALTER ANY USER permission. Then use the following Transact-SQL syntax:
CREATE USER <Azure_AD_principal_name>
FROM EXTERNAL PROVIDER;
Step 3:
Grant the proper reading permissions.
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication
by V_karag at Feb. 1, 2020, 8:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
KC
5 years ago
I think the answer is slightly off. there is a typo in the sp. It should be sp_addrolemember . Then I believe there is another issue that the user should be able to select, not just read, the database.
upvoted 1 times
Cococo
4 years, 7 months ago
The db_datareader role allows a user to be able to issue a SELECT statement against all tables and views in the database. https://www.mssqltips.com/sqlservertip/1900/understanding-sql-server-fixed-database-roles/
upvoted 1 times
...
...
V_karag
5 years, 4 months ago
Detailed article https://www.sqlshack.com/working-azure-active-directory-azure-sql-database/
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel