tSQL to set up user with View Definition permission on SQL Azure

Question

I\'m trying to export a SQL Azure database to a .bacpac file using the Azure portal. The administrator username on my database contains a *

Answer 1

as of now, GRANT VIEW DEFINITION TO [username] works in Azure SQL, I just verified it myself. See https://docs.microsoft.com/en-us/sql/relational-databases/security/permissions-database-engine?view=sql-server-ver15 for reference:

So in order to successfully export database as bacpak file you can created contained user (no need in CREATE LOGIN... command) and give the following permissions:

CREATE USER [user_from_azure_AD] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [user_from_azure_AD] 
GRANT VIEW DEFINITION TO [user_from_azure_AD]

Answer 2

Got it. I can add the user to the db_owner role and then the export proceeds without error.

EXEC sp_addrolemember 'db_owner', 'gu6t6rdb'

Answer 3

This will not work on sql azure. You will need to grant view definition at the database level. (without the ANY keyword)

GRANT VIEW DEFINITION TO gu6t6rdb

P.S: I hit the exact same issue and this seemed to solve my problem. I also had to do a Grant Execute (but it depends on what your bacpac is applying to the database)