Skip to main content
Roles and Permissions for Azure SQL
Updated over 2 weeks ago

โ— Important

This feature has limited availability. To know more about limited availability and sign up for this feature, contact your Account Manager.


Azure role-based access control (Azure RBAC) is the primary method of managing access in Azure. Managing who can access your Azure resources and subscriptions is an important part of your Azure governance strategy.

Azure RBAC is an authorization system built on Azure Resource Manager that provides granular access management to Azure resources. Azure RBAC allows you to manage access to your resources in Azure. When planning your access control strategy, itโ€™s best practice to grant users the least privilege required to get their work done.

To assign roles or grant access, ensure that you have the appropriate Microsoft.Authorization/role assignment of Global Administrator.


๐Ÿ“ Note

Before you onboard or register subscriptions, ensure that you have the Users can register applications permission enabled for your user account in the Azure environment.


Permissions

The following table provides detailed information on the permissions required to grant Druva access to your Azure environment.

Category

Permission Name

Permission ID

Why Druva needs the Permission

Onboarding permissions

Microsoft.ManagedIdentity

userAssignedIdentities/assign/action

Assign managed identity to the Druva's Quantum Bridge so that it can access the keyvault

Discovery, Backup, and Restore permissions for SQL Databases

Microsoft.Sql

/servers/read

/servers/elasticPools/read

/servers/databases/read

/servers/databases/write

/servers/databases/delete

Discover, backup and, restore Azure SQL Databases

Discovery, Backup, and Restore permissions for SQL Managed Instances

Microsoft.Sql

/managedInstances/read

/managedInstances/databases/read

/managedInstances/databases/delete

/managedInstances/databases/write

Discover, backup, and restore Azure SQL managed instances

Discovery, Backup, and Restore permissions for SQL Managed Instances

Microsoft.Compute

/virtualMachines/runCommand/actio

Execute the SQL commands on the Druva Quantum Bridge and also for discovery of SQL servers on Azure VM.

Related Keywords: Azure SQL roles and permissions, onboarding roles, onboarding permissions, Azure SQL permissions

Did this answer your question?