Configure API Permissions
Configuring API permissions for desktop and Model Manager
In the Azure portal in the App Registration section, select API permissions and add the following Microsoft Graph permissions as required by your deployment:
Microsoft Graph permissions:
User Read — Read the signed-in user profile.
User.Read.All — Read user profiles (required to resolved users).
Group.Read.All — Read group profiles (required to resolved groups).
GroupMember.Read.All — Read group memberships (required to resolved group memberships).
To enable Entra ID authentication for Azure SQL Database connections, add the Azure SQL Database deleted permission user_impersonation (you may need to select APIs my organization uses and search for Azure SQL Database.
The product requests the scope https://database.windows.net/.default when obtaining an access token for Azure SQL Database.
Add the delegated permission user_impersonation under Azure SQL Database so the application can request tokens for SQL on behalf of the signed-in user.
Ensure the application registration and the SQL server are in the same tenant (or appropriately configured to allow token issuance as required by your organization).
Configuring API Permissions for Web Interface
In the Web Interface application registration, select API permissions and add the following Microsoft Graph deleted permission:
User.Read — Read the signed-in user profile.
Was this helpful?