You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/hdinsight/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight.md
+8-9Lines changed: 8 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,7 @@ HDInsight has added the Managed Identity option for authenticating SQL databases
13
13
14
14
This article outlines the process of using the Managed Identity (MSI) option for SQL Database authentication when creating a HDInsight cluster.
15
15
16
-
The Managed Identity option is available for the following Databases:
16
+
The Managed Identity (MI) option is available for the following Databases:
17
17
18
18
19
19
| Databases | Host on Behalf of (HoBo) DB | Bring Your Own (BYO) DB |
@@ -24,7 +24,9 @@ The Managed Identity option is available for the following Databases:
24
24
|Ranger (ESP)|N | N |
25
25
26
26
> [!NOTE]
27
-
> MSI option is presently unavailable for ESP clusters configured with the HoBo setup.
27
+
> 1. Managed Identity (MI) is currently available only in public regions. It will be rolled out to other regions in future releases.
28
+
> 2. MI option is not enabled by default. To get it enabled, submit a support ticket with your subscription and region details.
29
+
28
30
29
31
## Create Managed Identity
30
32
@@ -33,11 +35,11 @@ The Managed Identity option is available for the following Databases:
33
35
34
36
1. Select the Managed Identity to authenticate with SQL Database.
35
37
:::image type="content" source="./media/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight/storage-tab.png" alt-text="Screenshot showing the storage tab." border="true" lightbox="./media/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight/storage-tab.png":::
36
-
1. Create a contained user with the Managed identity (contosoMSI) in the corresponding SQL database.
37
-
1.Follow these steps in the Azure SQL database query editor to create a database user and grant it read-write permissions. Perform these steps for each SQL Database you're going to use for different services such as Ambari, Hive, Oozie, or Ranger.
38
-
1. User name must contain the original MSI name extended by a user-defined suffix. As best practice, the suffix can include an initial part of its Object ID.
38
+
1. Create a contained user with the Managed identity in the corresponding SQL database.
39
+
*Follow these steps in the Azure SQL database query editor to create a database user and grant it read-write permissions. Perform these steps for each SQL Database you're going to use for different services such as Ambari, Hive, Oozie, or Ranger.
40
+
* User name must contain the original MSI name extended by a user-defined suffix. As best practice, the suffix can include an initial part of its Object ID.
39
41
Object ID of managed identity can be obtained from portal on the managed identity portal page.
40
-
42
+
41
43
For example:
42
44
MSI Name: contosoMSI
43
45
Object ID: `2ba6c-1111-2222-3333-cccccccccccc`
@@ -71,6 +73,3 @@ Object ID of managed identity can be obtained from portal on the managed identit
71
73
```
72
74
73
75
1. After entering the necessary details, proceed with Cluster creation on the portal.
74
-
75
-
> [!NOTE]
76
-
> If you’re using managed identity as Entra admin in SQL DB, you have to execute the above commands via SDK/Powershell.
0 commit comments