question

MartinekJiri-1931 avatar image
0 Votes"
MartinekJiri-1931 asked JamesTran-MSFT commented

SQL in Azure VM, What are minimal access rights to make "SQL Server configuration" in Azure portal workable ?

What are minimal access rights to make "SQL Server configuration" in Azure portal workable ? VM contributor together with SQL* roles are not sufficient , It hangs in loading. For owner it works of course.

azure-rbacazure-sql-virtual-machines
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MartinekJiri-1931
Thank you for your post and I apologize for the delayed response!

  • For the Azure RBAC side of things, can you share a screenshot of what you're trying to do, so I can gain a better understanding of your issue?

  • Is the SQL Server Configuration option located within the Azure Portal? Is this within a SQL DB or SQL Server VM?

  • Are you receiving any error messages when the page hangs or fails to load?


Any additional information would be greatly appreciated!
Thank you for your time and patience throughout this issue.

0 Votes 0 ·

Hello,
Here are more details:
There is no error message.
Yes, it is SQL Configuration option in Azure portal.
SQL installed on VM.
It works for subscription owner normally :), but i am searching some minimal access for DB admins, and smthg is missing in my rbac estimate.
In other words, is there any role i can add to allow access SQL Configuration generally. SQL server Contributor is not the right one. (Purpose of this one are only SQL servers for PaaS seems)
Is some custom role only option ?
Pictures attached.
Thank you
198650-image.png


198723-image.png

198731-image.png


0 Votes 0 ·
image.png (5.8 KiB)
image.png (35.6 KiB)
image.png (40.4 KiB)

1 Answer

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered JamesTran-MSFT commented

@MartinekJiri-1931
Thank you for the quick follow up and for sharing a screenshot of your issue!

When it comes to the RBAC role in order to access the SQL Server Configuration page, I was able to do this with the VM Contributor role assigned at the Resource Group level. Since the VM and SQL VM are both Virtual Machines, assigning the VM Contributor role at the Resource (for both resources) or Resource Group scope should resolve your issue.

199385-image.png

199386-image.png
Note: When assigning new RBAC roles, please allow ~5-10minutes for the new permissions to propagate.


If you're still having issues, please let me know.
Thank you for your time and patience throughout this issue.


image.png (6.9 KiB)
image.png (102.6 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you!
So, it means - if the sql vm is counted also as a "normal" vm then I can't provide access on subscription level and grant access just only for all SQLs. Am I right?

0 Votes 0 ·

@MartinekJiri-1931
Thank you for following up on this!

For the RBAC side of things, if you assign the VM Contributor role at the Subscription level the role will "inherit" at the resource level too. However, if you're having issues with the SQL Config page specifically, you can always try to assign the RBAC role at the Resource/Resource Group level for another user to see if that resolves the issue. When walking through this in my lab, I didn't run into any issues with loading the SQL Config page with the VM Contributor role.

  • If you're still having issues, can you try accessing the page from another browser?

  • Or see if any other users within your tenant are running into this issue?


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

0 Votes 0 ·