79584172

Date: 2025-04-21 07:07:48
Score: 1

Question: Why am I getting the warning 'WARNING: no privileges were granted for "My-Database"'?

Even though you can connect to My-Database using the Entra ID administrator (DbAdmins), that account does not automatically have the required privileges to run GRANT statements in that database because:

  1. By default, Entra administrators only have privileges in the Postgres database.

  2. They do not get database-level privileges in any user-created databases (like "My-Database") unless explicitly granted by the PostgreSQL admin.

Question: How do I grant permission to a newly added Microsoft Entra user to my database?

Step 1. If your Entra admin group doesn’t already have access to "My-Database", you need to connect using the original PostgreSQL admin and run:

GRANT ALL ON DATABASE "My-Database" TO "DbAdmins" WITH GRANT OPTION;

Step 2. Then connect as DbAdmins to My-Database and run:

SELECT * FROM pgaadauth_create_principal('[email protected]', false, false);

GRANT CONNECT ON DATABASE "My-Database" TO "[email protected]";

Question: Is there a role, which would allow it without running this grant command for every database?

No, there is no built-in role in Azure Database for PostgreSQL Flexible Server that automatically grants Microsoft Entra administrators access to all databases.

You have to manually run GRANT statements for each user-created database if you want them to have privileges. This behavior is by design to maintain explicit access control and security boundaries between databases.

Kindly go through the attached Microsoft document for more reference: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users

Reasons:
  • Blacklisted phrase (1): How do I
  • Long answer (-1):
  • Has code block (-0.5):
  • Contains question mark (0.5):
  • Low reputation (1):
Posted by: Mihir Saxena
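
Added example, not part of the original answer: since the grant has to be repeated per database, this sketch audits which user-created databases the "DbAdmins" group can already administer and then applies the answer's Step 1 grant only where it is missing. It assumes you are connected as the original PostgreSQL admin; the excluded database names are assumed service-managed databases and should be adjusted to your server.

```sql
-- 1. Audit. CONNECT is granted to PUBLIC by default, so a plain CONNECT check
--    says little; test CREATE and the grant option, which PUBLIC does not carry.
SELECT d.datname,
       has_database_privilege('DbAdmins', d.oid, 'CREATE')                    AS can_create,
       has_database_privilege('DbAdmins', d.oid, 'CONNECT WITH GRANT OPTION') AS can_grant_connect
FROM pg_database AS d
WHERE NOT d.datistemplate
  AND d.datallowconn
  -- Assumed names of service-managed databases; adjust for your server.
  AND d.datname NOT IN ('postgres', 'azure_maintenance', 'azure_sys')
ORDER BY d.datname;

-- 2. Apply Step 1 from the answer to every database where the group
--    cannot yet pass CONNECT on to other principals.
DO $$
DECLARE
    db name;
BEGIN
    FOR db IN
        SELECT d.datname
        FROM pg_database AS d
        WHERE NOT d.datistemplate
          AND d.datallowconn
          AND d.datname NOT IN ('postgres', 'azure_maintenance', 'azure_sys')
          AND NOT has_database_privilege('DbAdmins', d.oid, 'CONNECT WITH GRANT OPTION')
    LOOP
        -- %I quotes identifiers, so mixed-case names such as "My-Database" survive.
        EXECUTE format('GRANT ALL ON DATABASE %I TO %I WITH GRANT OPTION', db, 'DbAdmins');
        RAISE NOTICE 'granted on database %', db;
    END LOOP;
END
$$;
```

Databases created later are not covered until the block is run again, and Step 2 (creating the principal and granting CONNECT) still has to be done for each Entra user.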