CODEWITHSUNDEEP
azureazure-sql-databaseazure-bicep
Martijn
Martijn

Reputation: 878

Bicep deploy Azure SQL server without admin account for RBAC only

All online tutorials use administratorLogin and administratorLoginPassword. But I don't want to create an administrator login because I'm using RBAC. Here is my bicep

resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
  name: serverName
  location: resourceLocation
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    administratorLogin: null
    administratorLoginPassword: null
  }
}

But this gives a deployment error Invalid value given for parameter Login. Specify a valid parameter value.

I also tried omitting the properties section but that gave the same result.

I also tried this

 properties: {
    administrators:{
      azureADOnlyAuthentication: true
    }
  }

But that gives me the error In order to use Azure AD Only Authentication, please provide details of an external administrator.

But still I don't want an administrator. I want to use RBAC for all access and admin privileges.

Is it possible to deploy an SQL server without an admin account altogether, and then assign RBAC roles? If not what are my options?

Upvotes: 1

Views: 53

Answers (1)

Martijn
Martijn

Reputation: 878

I have found a solutions that is perfect for me right now. Using an Entra group as admin.

resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
  name: serverName
  location: resourceLocation
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    administrators:{
      administratorType: 'ActiveDirectory'
      azureADOnlyAuthentication: true
      principalType: 'Group'
      login: 'nameofthegroupwithoutspaces'
      sid: 'object id of an Entra group containing administrators'
      tenantId: subscription().tenantId
    }
  }
}

Leaving the post up in case someone else needs this.

Upvotes: 1

Related Questions