articles/hdinsight/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight.md
17 additions & 13 deletions
@@ -14,7 +14,6 @@ HDInsight has added the Managed Identity option for authenticating SQL databases
14
14
This article outlines the process of using the Managed Identity (MSI) option for SQL Database authentication when creating a HDInsight cluster.
15
15
16
16
The Managed Identity (MI) option is available for the following Databases:
17
-
18
17
19
18
| Databases | Host on Behalf of (HoBo) DB | Bring Your Own (BYO) DB |
20
19
|-|-|-|
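Review bot: The context around this whitespace-only change abbreviates Managed Identity two ways, "(MSI)" on line 14 and "(MI)" on line 16. Since the commit is already tidying this region, settle on one abbreviation so readers do not take them for two different authentication options.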
@@ -28,24 +27,29 @@ The Managed Identity (MI) option is available for the following Databases:
28
27
> 2. MI option is not enabled by default. To get it enabled, submit a support ticket with your subscription and region details.
29
28
30
29
31
-
## Create Managed Identity
30
+
## Steps to Use Managed Identity during cluster creation in Azure portal
32
31
33
-
1. During cluster creation, navigate to the Storage section and select the SQL database for Ambari, Hive, Oozie, or Ranger. Choose Managed Identity as the Authentication method.
34
-
:::image type="content" source="./media/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight/basic-tab.png" alt-text="Screenshot showing the basic tab." border="true" lightbox="./media/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight/basic-tab.png":::
32
+
1. During cluster creation, navigate to the Storage section and select the SQL database for Ambari, Hive, Oozie, or Ranger. Choose Managed Identity as the Authentication method.
33
+
34
+
:::image type="content" source="./media/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight/basic-tab.png" alt-text="Screenshot showing the basic tab." border="true" lightbox="./media/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight/basic-tab.png":::
35
35
36
36
1. Select the Managed Identity to authenticate with SQL Database.
37
-
:::image type="content" source="./media/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight/storage-tab.png" alt-text="Screenshot showing the storage tab." border="true" lightbox="./media/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight/storage-tab.png":::
37
+
38
+
:::image type="content" source="./media/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight/storage-tab.png" alt-text="Screenshot showing the storage tab." border="true" lightbox="./media/use-managed-identity-for-sql-database-authentication-in-azure-hdinsight/storage-tab.png":::
39
+
38
40
1. Create a contained user with the Managed identity in the corresponding SQL database.
39
-
* Follow these steps in the Azure SQL database query editor to create a database user and grant it read-write permissions. Perform these steps for each SQL Database you're going to use for different services such as Ambari, Hive, Oozie, or Ranger.
40
-
* User name must contain the original MSI name extended by a user-defined suffix. As best practice, the suffix can include an initial part of its Object ID.
41
-
Object ID of managed identity can be obtained from portal on the managed identity portal page.
42
41
43
-
For example:
44
-
MSI Name: contosoMSI
45
-
Object ID: `2ba6c-1111-2222-3333-cccccccccccc`
46
-
42
+
Follow these steps in the Azure SQL database query editor to create a database user and grant it read-write permissions. Perform these steps for each SQL Database you're going to use for different services such as Ambari, Hive, Oozie, or Ranger.
43
+
44
+
45
+
> [!NOTE]
46
+
> User name must contain the original MSI name extended by a user-defined suffix. As best practice, the suffix can include an initial part of its Object ID.
47
+
Object ID of managed identity can be obtained from portal on the managed identity portal page.
48
+
> For example:
49
+
> MSI Name: contosoMSI
50
+
> Object ID: `2ba6c-1111-2222-3333-cccccccccccc`
51
+
> user_name could be `contosoMSI-2ba6c`
47
52
48
-
user_name could be `contosoMSI-2ba6c`
49
53
50
54
```
51
55
CREATE USER {user_name} FROM EXTERNAL PROVIDER WITH OBJECT_ID={object id of cluster managed identity};
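Review bot: New line 47 ("Object ID of managed identity can be obtained from portal on the managed identity portal page.") is missing the `>` prefix that lines 46 and 48 through 51 carry, so the `[!NOTE]` block is quoted inconsistently. Prefix it with `>`, and separate "For example:", "MSI Name:", "Object ID:" and "user_name could be" with `>`-only blank lines or list markers so they do not collapse into one paragraph when rendered. The sample Object ID `2ba6c-1111-2222-3333-cccccccccccc` has a five-character first group rather than the 8-4-4-4-12 shape of a real object ID; a well-formed placeholder would be safer, since the value feeds the `OBJECT_ID=` clause of the `CREATE USER` statement that follows. The opening fence on line 54 has no language tag; `sql` would fit.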