I'm trying to find a way from within Azure SQL to either 1) enumerate members of an Azure Active Directory security group or 2) check if a user login is a member of an SG. I've found various articles about doing it from a domain joined standalone SQL installation but not from Azure SQL. Most of the samples for the standalone installation use system sprocs like xp_cmdshell which don't exist in Azure SQL. I know I can create an Azure Function or Logic App to sync users to a table but I'd like to avoid using an external process to do this if possible.
#Kalyan Chanumolu-MSFT's comment should be very helpful to you. This scenario is not supported today.
You can try to use his suggestion.
You will have to talk to Microsoft Graph API from an intermediate like an Azure function to relay the data to Azure SQL Database.
You also can raise a support ticket to confirm it and also can put forward your suggestions in the feedback.
Related
I see a couple of different options for access control in Azure SQL server. There is a panel on Azure called access control (IAM) where roles like contributor/reader can be assigned to users.
The second place is the SQL server security artifacts which can be viewed in SSMS. Understanding how one of these policies works is straightforward, but how do these two policies work in tandem?
According your comment, please look at this Azure SQL database document: An overview of Azure SQL Database security capabilities:
This article outlines the basics of securing the data tier of an application using Azure SQL Database. The security strategy described follows the layered defense-in-depth approach as shown in the picture below, and moves from the outside in:
It will help you learn from the Azure SQL database security. To know more about the access control and Authorization.
Azure also gives the security best practices to teach you how to use these them.
Reference: Azure SQL Database security best practices playbook. This document provides guidance on how to solve common security requirements for new or existing applications using Azure SQL Database.
Hope this helps.
I am trying to create a pipeline to copy some data between Azure SQL databases on different servers, but creating a Linked Service using SQL authentication fails (and gives no helpful information, just a dialog box saying it failed). I think that the server VMs are in different tenancies or different subscriptions (I am not sure of the distinction), so I am guessing that the one I am working in cannot see the one I want the connection to go to. Is that likely, and what needs to be done to make it work? Any advice welcome, including RTFM if you can point me at the right one and it doesn't take weeks to wade through it!
In case anyone hits the same issue: the problem turned out to be the 'encrypted' checkbox in the self-hosted integration runtime (IR). Clearing this flag allowed the IR to see the target database, and the pipeline could then be created with the new connection set to use that IR. #Leon Yue: both databases are Azure SQL instances on Azure PaaS VMs.
Azure Database for MySQL server is still in preview, though we can created database instance on it.
I wonder do we have any API to retrieve the databases that we created on Azure Database for MySQL server? API for metrics of those databases?
Same questions for Azure Database for PostgreSQL server. Thanks!
Related Azure portal screenshot
We have just released the REST API spec today. You can find it here - https://learn.microsoft.com/en-us/rest/api/mysql/
Here's the REST API reference to list all the databases under a server: https://learn.microsoft.com/en-us/rest/api/mysql/databases#Databases_ListByServer
well, they obviously exist, but they are not publicly available yet. I don't see anything reasonable on the REST API reference page.
You may figure this out using the Azure portal + fiddler combo ;)
What do you mean retrieve the databases? You can connect to them in Visual Studio with your SQL server object explorer and entering the server name Azure gave you as the server. I don't know if I am understanding your question right? You can connect to the database just like any other SQL database using a SqlConnection.
EDIT:
I looked into it a little more:
https://learn.microsoft.com/en-us/azure/sql-database/sql-database-connect-query-dotnet-visual-studio
Essentially what I was saying. Provided you have successfully connected your SQL db to Azure you just access it like any other database. For PostgresSql, look into using NpgsqlConnection instead of SqlConnection. They have very similar functionality.
I have a prototype paas (platform as a service). The solution currently saves data for all customers in a single sql instance. For now this is fine, but I worry about slowdowns when the db grows. I reason I could keep the service running fast if each customer had their own database.
I was looking on the Azure portal and I found nothing. I can easily create a new database manually - but - I don't want that, I want to keep everything automated. Is there a way I can setup a sql server 'group' ?
While I am at it, SQL is not a requirement. My data is noSQL ready. Is this something I could do with monogoDB running on a worker role ? me.
You should look at the Azure DocumentDb preview, which is a NoSQL database provided as a managed service.
There is a Azure SQL Managment Nuget
http://www.nuget.org/packages/Microsoft.WindowsAzure.Management.Sql
http://www.bradygaster.com/post/managing-windows-azure-sql-databases-using-the-management-libraries-for-net
Is there any solution to user-specific reporting with Azure SSRS? I have an Azure database with a user table and only want my reports to query data pertaining to the user.
Any tips/alternatives would be greatly appreciated.
Windows Azure SSRS supports the User!UserID property so you can use it for user-specific reporting and that would be the easiest way to get it done.
Also about filtering SQL query using the user_name() may work or not. If you use ‘Stored Credential’ option for the RS data source, the same credential will be shared by multiple users. In that case, you can’t rely on user_name(). If you use ‘Prompt’, and if each user needs to supply a unique credential for himself or herself, then you can use user_name().
Does Azure SSRS support the User!UserID property? If not, you should be able to filter in the SQL query using the user_name() function.
these guys actually implemented user specific SQL queries in their report. check it out:
http://www.upsizing.co.uk/Art68_ReportViewerControlAndSQLAzure.aspx