question

SathishManokaran-4599 avatar image
0 Votes"
SathishManokaran-4599 asked AnshulKumarMINDTREELIMITED-5501 published

how to stop azure users with contributor access to stop adding client ip address

I would like to restrict Azure users with Contributor access from adding Client IP Address in Firewall and Virtual networks blade of SQL Server.

Users with Owner access should be able to add / whitelist Client IP addresses.
Wondering how to implement this in Azure. Please share your thoughts that is it possible? if not any alternatives suggestion would be of great help. Thanks

azure-sql-databaseazure-rbacazure-firewall
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

0 Votes 0 ·
MartinCairney-6481 avatar image
1 Vote"
MartinCairney-6481 answered MartinCairney-6481 edited

It sounds like you may have users in incorrect roles if they are permitted to do things you don't want them to do.

If you went into this in detail then it would mean a reworking of your Azure RBAC controls - removing users from the Contributor role and adding them to more granular roles where possible.

I'm guessing that this approach is less feasible for you - hence the question of how to pare back on a defined Role? It may be possible to look at Azure Policies to prevent changes to the Firewall Rules except to Owners? I haven't dived deeply into the Azure Role's detailed ability, but this would be my starting point to see if it can be achieved there.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SathishManokaran-4599 avatar image
0 Votes"
SathishManokaran-4599 answered

Thanks Martin for your response. I shall explore the options in Azure policies. Cheers

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.