# Azure AD User Creation - Role Assignment & Removal
Here are the SQL commands to add an Azure AD (AAD) user to an Azure SQL database.
Note: This command can be run directly on the database without the need to create a SQL login on the server beforehand.
```sql
CREATE USER [<your.user@company.com>] FROM EXTERNAL PROVIDER
```
Once you have added your AAD user you need to set their permissions, like this. The command below gives the user read access to the database; the role, of course, depends on the task at hand.
Note: A good reference for roles can be found here.
```sql
ALTER ROLE db_datareader ADD MEMBER [<your.user@company.com>]
```
Equally, the reverse can be achieved by swapping 'ADD' for 'DROP'.
```sql
ALTER ROLE db_datareader DROP MEMBER [<your.user@company.com>]
```
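Putting the three statements together, as an added example that is not part of the original note: a T-SQL script that creates the AAD user only if it does not already exist, assigns the role, verifies the resulting membership through the catalog views, and removes the user again. The user principal name is a constructed placeholder, and the session running the script must itself be signed in with an Azure AD identity, since only Azure AD principals can create users FROM EXTERNAL PROVIDER.

```sql
-- Added example (not from the original note): lifecycle of one Azure AD user in an
-- Azure SQL database, with a verification query to confirm the granted access.
-- The principal name below is a constructed placeholder; substitute the real UPN.

DECLARE @principal sysname = N'your.user@company.com';  -- placeholder UPN

-- 1. Create the contained database user from Azure AD, only if it is absent.
--    type 'E' = external (Azure AD) user, 'X' = external (Azure AD) group.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = @principal AND type IN ('E', 'X'))
BEGIN
    DECLARE @create nvarchar(max) =
        N'CREATE USER ' + QUOTENAME(@principal) + N' FROM EXTERNAL PROVIDER;';
    EXEC sp_executesql @create;
END;

-- 2. Grant read-only access through the fixed database role, as in the note above.
DECLARE @grant nvarchar(max) =
    N'ALTER ROLE db_datareader ADD MEMBER ' + QUOTENAME(@principal) + N';';
EXEC sp_executesql @grant;

-- 3. Verify: list every database role the external principal is now a member of.
--    Any row beyond db_datareader is more access than the task called for.
SELECT u.name                      AS principal_name,
       u.type_desc                 AS principal_type,
       u.authentication_type_desc  AS auth_type,
       r.name                      AS role_name
FROM sys.database_principals u
JOIN sys.database_role_members rm ON rm.member_principal_id = u.principal_id
JOIN sys.database_principals r    ON r.principal_id = rm.role_principal_id
WHERE u.name = @principal;

-- 4. Removal: drop the role membership, then the user itself. DROP USER fails while
--    the principal still owns a schema, so move schema ownership first if needed.
DECLARE @revoke nvarchar(max) =
    N'ALTER ROLE db_datareader DROP MEMBER ' + QUOTENAME(@principal) + N';' +
    N'DROP USER ' + QUOTENAME(@principal) + N';';
EXEC sp_executesql @revoke;
```

Run the verification query on its own whenever access is reviewed; it works for any database principal name, not just the one created here.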