Steps for connecting to SQL database #4619

Open
wants to merge 2 commits into
base: main

v-ajajvanu
Contributor

Description

The procedures for connecting to a SQL database are outlined in this PR.

Related issues

Addresses issue #123379.

Testing

Reviewed it in code editor preview window.

FHIR Team Checklist

  • Update the title of the PR to be succinct and less than 65 characters
  • Add a milestone to the PR for the sprint that it is merged (i.e. add S47)
  • Tag the PR with the type of update: Bug, Build, Dependencies, Enhancement, New-Feature or Documentation
  • Tag the PR with Open source, Azure API for FHIR (CosmosDB or common code) or Azure Healthcare APIs (SQL or common code) to specify where this change is intended to be released.
  • Tag the PR with Schema Version backward compatible or Schema Version backward incompatible or Schema Version unchanged if this adds or updates Sql script which is/is not backward compatible with the code.
  • CI is green before merge
  • Review squash-merge requirements

Semver Change (docs)

Patch|Skip|Feature|Breaking (reason)

@v-ajajvanu added the New Feature, Azure API for FHIR, and Azure Healthcare APIs labels Sep 17, 2024
@v-ajajvanu added this to the S150 milestone Sep 17, 2024
@v-ajajvanu requested a review from a team as a code owner September 17, 2024 09:20
@v-ajajvanu
Contributor Author

/azp run

Azure Pipelines successfully started running 1 pipeline(s).


ALTER ROLE db_owner ADD MEMBER [v-test@microsoft.com];
```

Revert the SQL Server Active directory admin user changes once the user has been created, that is, set the `OSS FHIR Server(App service)` user assigned identity back to SQL Server admin.
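
Review bot: The `ALTER ROLE db_owner ADD MEMBER [v-test@microsoft.com];` line grants full database ownership to an individual account, which is broader than needed if the goal is only to let a user read data. Consider documenting `db_datareader` as the default role and reserving `db_owner` for cases that require it, and state that `v-test@microsoft.com` is a placeholder the reader replaces. The revert step that follows should also say how to confirm that the admin was set back to the `OSS FHIR Server(App service)` user assigned identity.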
Member

@SergeyGaluzo is this the recommended approach?

Contributor

@brendankowitz What problem are we trying to solve? Is something not working with managed identities?

@SergeyGaluzo We have worked on creating the documentation on the below mentioned details:

"Currently in OSS, we only have a single login enabled for the SQL Server - the User Assigned Managed Identity that the FHIR Service uses to access the server.

This is a problem because customers may need to access the database directly to check data or they may have other applications that need to access the database. This also could be problematic for FHIR Team devs that need to check the database directly like the JobQueue table.

We need to provide instructions or a script to update the SQL Admin of the user's choosing (maybe the current user??) but also create the SQL Login for the User Assigned Managed Identity.

We cannot do this in pipeline because the identity we you add a SQL user via a service principal, the SQL Server needs a managed identity that has graph read all access."

@brendankowitz FYI

Contributor

@SergeyGaluzo SergeyGaluzo Oct 16, 2024

@brendankowitz I would suggest a different approach. FHIR SQL server does not need FHIR Server UAMI as admin for FHIR server to work, it is just hard to set up by the pipeline. Therefore, I usually "downgrade" UAMI to db owner after FHIR server is set up. This contains similar steps to create login for UAMI and corresponding database user. Setting up user access becomes a separate issue. In certain cases, it could remain admin...
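
The "downgrade" described in the comment above, sketched in T-SQL as an added example (not code from this PR or from the FHIR Server project). The names in angle brackets are placeholders, and the read-only role for a human user in step 3 is an assumption about what "user access" would need, not something the thread specifies.

```sql
-- Added example. Names in angle brackets are placeholders, not values from this PR.
-- Run while connected as the SQL Server's Microsoft Entra admin.
-- Azure SQL Database does not support USE, so steps 1 and 2-4 need separate connections.

-- 1) Connected to the master database:
--    create a server-level login for the FHIR Server user assigned managed identity (UAMI).
CREATE LOGIN [<fhir-uami-name>] FROM EXTERNAL PROVIDER;

-- 2) Connected to the FHIR database:
--    map a database user to that login and make it db_owner of this database only,
--    so the identity no longer has to be the server admin.
CREATE USER [<fhir-uami-name>] FROM LOGIN [<fhir-uami-name>];
ALTER ROLE db_owner ADD MEMBER [<fhir-uami-name>];

-- 3) Assumption: a person who only inspects data (for example the JobQueue table)
--    gets a contained user with read access rather than db_owner.
CREATE USER [<user@example.com>] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [<user@example.com>];

-- 4) Verify who holds which role before changing the server admin.
SELECT r.name  AS role_name,
       m.name  AS member_name,
       m.type_desc,
       m.authentication_type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN (N'db_owner', N'db_datareader')
ORDER BY r.name, m.name;
```

Once the query in step 4 shows the UAMI under `db_owner`, the server admin can be assigned to an identity of the operator's choosing without the FHIR server depending on it.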
