Home » Microsoft » DP-201 v.2 » What should you include in the recommendation?
You are designing the security for an Azure SQL database.
You have an Azure Active Directory (Azure AD) group named Group1.
You need to recommend a solution to provide Group1 with read access to the database only.
What should you include in the recommendation?
A. a contained database user
B. a SQL login
C. an RBAC role
D. a shared access signature (SAS)
Correct Answer: A
Explanation/Reference:
Explanation:
Create a User for a security group
A best practice for managing your database is to use Windows security groups to manage user access. That way you can simply manage the customer at the Security Group level in Active Directory granting appropriate permissions. To add a security group to SQL Data Warehouse, you use the Display Name of the security group as the principal in the CREATE USER statement.
CREATE USER [] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = []; In our AD instance, we have a security group called Sales Team with an alias of [email protected]. To add this security group to Synapse Analytics you simply run the following statement:
CREATE USER [Sales Team] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = [sales];
Reference:
https://blogs.msdn.microsoft.com/sqldw/2017/07/28/adding-ad-users-and-security-groups-to-azure-sql-data-warehouse/