Data Source=<servername>.database.windows.net;Initial Catalog=<dbname>;User ID=<svcaccount>;Password=<PW>;Connect Timeout=30;Encrypt=True;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False;MultipleActiveResultSets=true
- Master:
Create login svc_deploy with password = '<PW>';
- DB:
create user svc_deploy for login svc_deploy;
exec sp_addrolemember 'db_owner', svc_deploy;
- DB:
CREATE USER [<AD GROUP NAME>] FROM EXTERNAL PROVIDER;
exec sp_addrolemember 'db_owner', [<AD GROUP NAME>] ;
SELECT r.name role_principal_name, m.name AS member_principal_name
FROM sys.database_role_members rm
JOIN sys.database_principals r
ON rm.role_principal_id = r.principal_id
JOIN sys.database_principals m
ON rm.member_principal_id = m.principal_id
exec sp_droprolemember db_owner, svc_dwhr_sync
GRANT CREATE PROCEDURE TO svc_dwhr_prod_sync
GRANT CREATE TYPE TO svc_dwhr_prod_sync
db_owner db_datawriter db_datareader
- create login svc with read access on the db ('svc_dwhr_read_cusa')
- create user for this svc login in both source db ('db_datareader') and consumer db ('db_owner)
- Then execute in the consumer db:
--STEP 1 - Create chemas
CREATE SCHEMA cusa;
--STEP 2 - Change Schema ownership to dbo
ALTER AUTHORIZATION ON SCHEMA::cusa TO dbo
--STEP 3 Create external table credentials - To be done by Infra. Check if not already exists
BEGIN
CREATE DATABASE SCOPED CREDENTIAL svc_dwhr_scoped_cusa
-- 'svc_dwhr_read_cusa' currently present in both dwhr (db_owner) and cusa(db_datareader) DBs
WITH IDENTITY = 'svc_dwhr_read_cusa',
-- secret for 'svc_dwhr_read_cusa' (stored in Vault)
SECRET = '';
END
CREATE EXTERNAL DATA SOURCE cusa_db WITH
(
TYPE = RDBMS,
LOCATION = '<SERVER_NAME>.database.windows.net',
DATABASE_NAME = 't-sn-cusa-1-sdb',
CREDENTIAL = svc_dwhr_scoped_cusa
)
GO
set membersync to 0 when you want to start everything from scratch recommended via azure support this resulted in very slow sync -> not really usefull UPDATE dss.syncgroupmember SET memberstate = 0 WHERE name = 'Client_QA'