I see a couple of different options for access control in Azure SQL server. There is a panel on Azure called access control (IAM) where roles like contributor/reader can be assigned to users.
The second place is the SQL server security artifacts which can be viewed in SSMS. Understanding how one of these policies works is straightforward, but how do these two policies work in tandem?
According your comment, please look at this Azure SQL database document: An overview of Azure SQL Database security capabilities:
This article outlines the basics of securing the data tier of an application using Azure SQL Database. The security strategy described follows the layered defense-in-depth approach as shown in the picture below, and moves from the outside in:
It will help you learn from the Azure SQL database security. To know more about the access control and Authorization.
Azure also gives the security best practices to teach you how to use these them.
Reference: Azure SQL Database security best practices playbook. This document provides guidance on how to solve common security requirements for new or existing applications using Azure SQL Database.
Hope this helps.
Related
I'm trying to find a way from within Azure SQL to either 1) enumerate members of an Azure Active Directory security group or 2) check if a user login is a member of an SG. I've found various articles about doing it from a domain joined standalone SQL installation but not from Azure SQL. Most of the samples for the standalone installation use system sprocs like xp_cmdshell which don't exist in Azure SQL. I know I can create an Azure Function or Logic App to sync users to a table but I'd like to avoid using an external process to do this if possible.
#Kalyan Chanumolu-MSFT's comment should be very helpful to you. This scenario is not supported today.
You can try to use his suggestion.
You will have to talk to Microsoft Graph API from an intermediate like an Azure function to relay the data to Azure SQL Database.
You also can raise a support ticket to confirm it and also can put forward your suggestions in the feedback.
Azure Database for MySQL server is still in preview, though we can created database instance on it.
I wonder do we have any API to retrieve the databases that we created on Azure Database for MySQL server? API for metrics of those databases?
Same questions for Azure Database for PostgreSQL server. Thanks!
Related Azure portal screenshot
We have just released the REST API spec today. You can find it here - https://learn.microsoft.com/en-us/rest/api/mysql/
Here's the REST API reference to list all the databases under a server: https://learn.microsoft.com/en-us/rest/api/mysql/databases#Databases_ListByServer
well, they obviously exist, but they are not publicly available yet. I don't see anything reasonable on the REST API reference page.
You may figure this out using the Azure portal + fiddler combo ;)
What do you mean retrieve the databases? You can connect to them in Visual Studio with your SQL server object explorer and entering the server name Azure gave you as the server. I don't know if I am understanding your question right? You can connect to the database just like any other SQL database using a SqlConnection.
EDIT:
I looked into it a little more:
https://learn.microsoft.com/en-us/azure/sql-database/sql-database-connect-query-dotnet-visual-studio
Essentially what I was saying. Provided you have successfully connected your SQL db to Azure you just access it like any other database. For PostgresSql, look into using NpgsqlConnection instead of SqlConnection. They have very similar functionality.
tried creating a federation from using sql server management studio but got this weird error after executing the CREATE FEDERATION command.
here is the query and the error result after executing it.
I just hope someone has ran into this before.
Happy Coding..
Federations are no longer supported in Azure SQL Database. Depending on your application, consider putting each Federation member into its own dedicated database in an Elastic Pool, or sharding your data across a few databases. The different alternative application patterns with links to the feature documentation are discussed in more detail here: https://azure.microsoft.com/en-us/documentation/articles/sql-database-design-patterns-multi-tenancy-saas-applications/.
Hope this helps.
Thanks,
Torsten
The use case is Distributed deployment of Web Application on Azure using PaaS. I read the Azure documentation on SQL Azure database geo-replication, and it seems none of the services tiers best fit this need. The other option is SQL Sync, which is in preview and cannot be used in production.It seems Microsoft Azure does not have any way for a redundant database centric application using PaaS model.
Please help how to resolve the issue or any alternate solution.
Akanksha
Both SQL Data Sync and Geo-replication are for database redundant using. But we need to know you detailed scenarios, so that we can say which one is more fit. Basically Geo-replication is DB level data synchronization used for DR. SQL Data Sync is Table level data synchronization used for reference data replication for both Azure DB and On-prem DB.
Right now, our application only has one Web Site instance along with SQL Database deployed at Azure US datacenter. We are looking for deploying more Web Site instance at other datacenter such as APAC and Europe. There still be a local SQL Database for each of those web site instance. We would like end user could fail over to another instance if his registered instance is not available, such as if US web site instance is down, we could fail over user to Europe instance. With this, we would need to synchronize local SQL Database at all data centers, US, Europe and APAC.
So we are looking for what's best approach to implement the database synchronization here for Azure SQL Database. Here are what we found at this point:
Azure Data Sync, it looks like that it is the perfect choice since it is available right away at Azure Management Portal and it would be up and running with some simple configuration. However there seems couple catches. The feature has been on preview about 2 years now (see this link with the following quote from comment):
SQL Data Sync has been in preview for over 2 years and the last update was December 2012. Has this been abandoned? Is this a technology we should encourage our clients to use? There absolutely needs to be an ability to synchronize data between a local SQL DB and Azure but Microsoft seems to have dropped this and I'm leery of putting a client on this only to find that the plug has been pulled. You owe it to your users to give us some information
I also saw the post Azure data sync not syncing all databases at SO, it seems that this feature is a second class feature at Azure and MS doesn't really pay sufficient attention to it. So I am worried how good it is.
Microsoft Sync Framework, it seems a more generic sync framework and more suitable for client and server sync instead of sync among server database. Plus it is not simple as above SQL Data Sync which is available just by configuration at Azure.
Any other suggestions on sql database sync at Azure? It would be really appreciated if you could share your experience here.
Thanks very much in advance for your insight.
Update:
Azure Data Sync is built upon using Microsoft Sync Framework: see link, the quote:
Microsoft SQL Data Sync is a cloud-based data synchronization service built on the Microsoft Sync Framework technologies.
Since no one is answering this question and I am going to do it myself. Based on some latest information, the Azure Data Sync is buggy and can not be used for production at this point. I guess that's the reason why it never moves out of preview even after around 2 years. There is no other good approach for handling Azure SQL Database sync at this point unless you want to build something yourself.
you can use RedGate Data Compare to sync your Azuresql DB with your Local DB