...
see loader.path in Reference of application-wide parameters for loading external libraries
MSSQL
Driver is included from Version 2.3.0, for older Version driver can be found here:
https://docs.microsoft.com/de-de/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server?view=sql-server-ver16
Note |
---|
Optimal performance can only be reached when the connection string contains |
...
<servername>: enter resource group, take sql server instance name
<database>: enter resource group, click sql server: take db name from overview page
<user> : the sql server admin has to be the tia core app id.
tia core app id: enter resource group, click your container app, click left Settings/Identity, enable in tab system assigned Status on. take Object (principal) id.
select as sql server admin
enter resource group, enter sql server, Settings/MS Entra ID, set admin, in search box put tia core app id, select the app via checkbox, hit select, press save
...
Managed Identity (MSSQL Database)
Database-URL for the repsitory.cfg
Code Block |
---|
<repoName>.metaservice.databasev2.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
<repoName>.metaservice.databasev2.url=jdbc:sqlserver://<servername>.database.windows.net:1433;database=<dbname>;authentication=ActiveDirectoryMSI;encrypt=true; |
https://docs
First: Prepare your MSSQL-Database in the Portal to allow managed Identity:
Info |
---|
In case you are using a user assigned managed identity, add it on the same page accordingly. |
There are two options to grant access to the MSSQL-Database:
Add the Managed Identity as a Database-Administrator directly to Database (See: Step-by-Step: System Assigned Managed Identity)
OR
Log into a SQL-Console with the existing Database-Administrator and create a new User for the specific database/table. (See: https://learn.microsoft.com/
...
...
...
...
When doing it that way, its important to add the managed identity as a member to the role “db_datareader
” andd the role “db_datawriter
”
Code Block | ||
---|---|---|
| ||
alter role db_datareader add member [<app-service-name>];
alter role db_datawriter add member [<app-service-name>]; |
The App-Service-Name is the name of the managed-identity (in case of a server managed identity: this is equals to the name of the container app itself)
Info |
---|
For production environments, we recommend to add specific user to your database with the roles above. |
Step-by-Step: System Assigned Managed Identity set as Database-Admin
This Option grant full MSSQL Server Admin Rights to the system assigned managed identity (and therefore, to the app it belongs to).
1.) Create a system assigned managed identity in your container app by Setting the Status to “ON”.
In the background, Microsoft will create a Buisness App in your Entra-ID which is directly linked to this container app. System assigned managed identities “live” in the same lifecycle as the application itself. In case you delete the app, the system assigned managed identity is deleted as well.
2.) Copy the Object (principal) ID from that freshly created system assigned identity to your clipboard.
3.) Change to your Database Server into “Settings” ->”Microsoft Entra ID” and Select “set admin”. A Dialog on the right will pop-up where you can paste your Object ID. It should give you only one result: an Enterprise app with the same name as your application. This is your server managed identity.
4.) Set the Checkbox and click on “Select”. “The Admin name” should change to the name of your application
Don’t get confused: The App ID shown is another than selected: In Azure, Objects can have multiple identifier: a buisness identifier and a object identifier.
5.) Save with the “Save” Button:
...
6.) Restart you Container App.
Objectstorage in databasesystem (Version 1):
...