1 year ago

#386091

shocks

Refreshing permissions in Azure SQL Database for a Service Principal

I had an SQL database with one read-write role that had an AAD group assigned, where the Server principal of my App service was added. The application was running normally, accessing the database without any problem.

Recently I created a new role with more permissions than the last one and assigned it to a different AAD group, where I also added the Service Principal.

Operations that require these newly added permissions are denied because of insufficient permissions. I restarted the app service several times to see if this "triggers" a refresh of the permissions, without luck.

As the last test, I removed the service principal from both groups (so the app shouldn't have access to the database at all), but the app is behaving as before, being able to read-write data to the database.

I tried several ways to refresh permissions but I don't seem to find the correct way. Any light into this is really appreciated.

sql-server

azure-web-app-service

azure-sql-database

service-principal

azure-service-principal

0 Answers
