elegant-stone-54832

11/21/2021, 8:13 PM
Hi! I am trying to grant the Directory Reader role to an Azure SQL Server instance, but I am stuck.
var sqlServerManagedIdentity = sqlServer.Identity.Apply(x => x.PrincipalId);

new AppRoleAssignment("SqlServerDirectoryReader", new AppRoleAssignmentArgs
{
    AppRoleId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
    PrincipalObjectId = sqlServerManagedIdentity,
    ResourceObjectId = sqlServerManagedIdentity
});
I don't know the difference between PrincipalObjectId and ResourceObjectId 😕 Does anyone have an idea?

adorable-soccer-30455

11/22/2021, 11:28 AM

elegant-stone-54832

11/22/2021, 7:53 PM
Yes, @adorable-soccer-30455

adorable-soccer-30455

11/23/2021, 2:14 PM
I think it might be DirectoryRoleMember. You should use https://www.pulumi.com/registry/packages/azuread/api-docs/directoryrolemember/

elegant-stone-54832

11/24/2021, 9:18 PM
Thanks, that is working.
new DirectoryRoleMember("Sql Server Directory reader role", new DirectoryRoleMemberArgs()
{
    RoleObjectId = new DirectoryRole("Directory Readers", new DirectoryRoleArgs
    {
        DisplayName = "Directory Readers"
    }).ObjectId,
    MemberObjectId = sqlServer.Identity.Apply(x => x.PrincipalId)
});