

SQL Database security: Manage database access and login security

Learn about SQL Database security management, specifically how to manage database access and login security through the server-level principal account. Understand some differences and similarities in login security options between SQL Database and an on-premises SQL Server. See Azure SQL Database Tutorial: Get Started with Azure SQL Database Security for a quick tutorial.

Database provisioning and server-level principal login

In Microsoft Azure SQL Database, when you sign up for the service, the provisioning process creates an Azure SQL Database server, a database named master, and a login that is the server-level principal of your Azure SQL Database server. That login is similar to the server-level principal (sa) for an on-premises instance of SQL Server. The concepts described in this topic also apply to Azure SQL Data Warehouse.

The Azure SQL Database server-level principal account always has permission to manage all server-level and database-level security. This topic describes how you can use the server-level principal and other accounts to manage logins and databases in SQL Database.

Azure users accessing SQL Database through Azure Role-Based Access Control (RBAC) and the Azure Resource Manager REST API receive permissions from their Azure Roles. These roles provide access to the management plane operations but not to the data plane operations. These management plane operations include the ability to read various properties and schema elements in SQL Database. They also permit creating, deleting and configuring some server-level features that relate to SQL Database. Many of these management plane operations are the items you can see and configure when using the Azure portal. When using the RBAC roles, the actions of the Azure role members inside the database (such as listing tables) are executed for them by the Database Engine, so they are not affected by the standard SQL Server permission system of GRANT/REVOKE/DENY statements.
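
The following T-SQL is an added example, not part of the original topic. It shows the server-level principal granting data plane access with least privilege and then auditing it. The login and user names, the passwords, and the use of the `loginmanager` and `db_datareader` roles are assumptions chosen for illustration.

```sql
-- PART 1: run while connected to the master database as the server-level principal.
-- All names and passwords below are placeholders (assumptions, not from the page).
CREATE LOGIN app_reader_login WITH PASSWORD = '<replace-with-strong-password-1>';
CREATE LOGIN ops_login_admin  WITH PASSWORD = '<replace-with-strong-password-2>';

-- Delegate login management to a separate account so the server-level
-- principal does not have to be used for routine work.
CREATE USER ops_login_admin FOR LOGIN ops_login_admin;
ALTER ROLE loginmanager ADD MEMBER ops_login_admin;

-- PART 2: open a NEW connection to the user database.
-- (Azure SQL Database does not support USE to switch databases.)
-- Map the login to a database user and grant read-only data plane access.
CREATE USER app_reader FOR LOGIN app_reader_login;
ALTER ROLE db_datareader ADD MEMBER app_reader;

-- PART 3: audit, in the same user database.
-- List every database role membership so unexpected data plane access stands out.
SELECT r.name AS role_name,
       m.name AS member_name,
       m.type_desc,
       m.authentication_type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
ORDER BY r.name, m.name;

-- List explicit GRANT/DENY entries held by the new user.
SELECT pr.name AS principal_name,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'app_reader';
```

These queries cover only data plane principals and permissions; membership in Azure RBAC roles is a management plane assignment and has to be reviewed in Azure itself.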
