# Azure SQL

## Requirements

* Within Azure, an Entra App was created and configured as described [here](/connectors/azure.md)
* Within Teleskope, you have a Teleskope Account with the Admin role

## Permissions

{% stepper %}
{% step %}
**Grant the Teleskope App the following roles:**

Grant the Teleskope app the following role via Access Management (IAM) at the subscription, resource group, or server level:

* SQL Server Contributor
* SQL Managed Instance Contributor
  {% endstep %}

{% step %}
**Create a Teleskope user on each database**

**Teleskope Database User**

For each SQL instance you would like to scan using Teleskope, you will need to create/provide credentials for a database user, and grant that user permissions.

**Create Teleskope User**

**Create Database User (Without IAM Authentication)**

```sql
CREATE LOGIN teleskope_ro WITH PASSWORD = '****PASSWORD****';
CREATE USER teleskope_ro FOR LOGIN teleskope;
```

**Grant Read Access to Teleskope user**

```sql
GRANT VIEW ANY DATABASE TO teleskope_ro;

DECLARE @sql NVARCHAR(MAX);
SET @sql = '';

-- Generate the dynamic SQL for each database
SELECT @sql += 
    'USE [' + name + ']; 
    GRANT SELECT TO teleskope_ro;
    GRANT VIEW DATABASE STATE TO teleskope_ro;' + CHAR(13)
FROM sys.databases
WHERE state = 0 AND name NOT IN ('tempdb', 'model', 'msdb'); -- Exclude system databases

-- Execute the generated SQL
EXEC sp_executesql @sql;
```

**Grant Write Access to Teleskope user (optional)**

```sql
DECLARE @sql NVARCHAR(MAX);
SET @sql = '';

-- Generate the dynamic SQL for each database
SELECT @sql += 
    'USE [' + name + ']; 
     GRANT UPDATE TO teleskope_ro;
     GRANT DELETE TO teleskope_ro;' + CHAR(13)
FROM sys.databases
WHERE state = 0 AND name NOT IN ('tempdb', 'model', 'msdb'); -- Exclude system databases

-- Execute the generated SQL
EXEC sp_executesql @sql;
```

{% endstep %}
{% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.teleskope.ai/connectors/azure/azure-sql.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.