Azure role-based access control (Azure RBAC) is the primary method of managing access in Azure. Managing who can access your Azure resources and subscriptions is an important part of your Azure governance strategy.
Azure RBAC is an authorization system built on Azure Resource Manager that provides granular access management to Azure resources. Azure RBAC allows you to manage access to your resources in Azure. When planning your access control strategy, itโs best practice to grant users the least privilege required to get their work done.
To assign roles or grant access, ensure that you have the appropriate Microsoft.Authorization/role assignment of Global Administrator.
๐ Note
Before you onboard or register subscriptions, ensure that you have the Users can register applications permission enabled for your user account in the Azure environment.
Permissions
The following table provides detailed information on the permissions required to grant Druva access to your Azure environment.
Category | Permission Name | Permission ID | Why Druva needs the Permission |
Onboarding permissions | Microsoft.ManagedIdentity | userAssignedIdentities/assign/action | Assign managed identity to the Druva's Quantum Bridge so that it can access the keyvault |
Discovery, Backup, and Restore permissions for SQL Databases | Microsoft.Sql | /servers/read
/servers/elasticPools/read
/servers/databases/read
/servers/databases/write
/servers/databases/delete
| Discover, backup and, restore Azure SQL Databases |
Discovery, Backup, and Restore permissions for SQL Managed Instances | Microsoft.Sql | /managedInstances/read
/managedInstances/databases/read
/managedInstances/databases/delete
/managedInstances/databases/write
| Discover, backup, and restore Azure SQL managed instances |
Discovery, Backup, and Restore permissions for SQL Managed Instances | Microsoft.Compute | /virtualMachines/runCommand/actio | Execute the SQL commands on the Druva Quantum Bridge and also for discovery of SQL servers on Azure VM. |
Related Keywords: Azure SQL roles and permissions, onboarding roles, onboarding permissions, Azure SQL permissions