search

Azure SQL

hashtag
Requirements

  • Within Azure, an Entra App was created and configured as described here

  • Within Teleskope, you have a Teleskope Account with the Admin role

hashtag
Permissions

1

hashtag
Grant the Teleskope App the following roles:

Grant the Teleskope app the following role via Access Management (IAM) at the subscription, resource group, or server level:

  • SQL Server Contributor

  • SQL Managed Instance Contributor

2

hashtag
Create a Teleskope user on each database

hashtag
Teleskope Database User

For each SQL instance you would like to scan using Teleskope, you will need to create/provide credentials for a database user, and grant that user permissions.

hashtag
Create Teleskope User

hashtag
Create Database User (Without IAM Authentication)

CREATE LOGIN teleskope_ro WITH PASSWORD = '****PASSWORD****';
CREATE USER teleskope_ro FOR LOGIN teleskope;

hashtag
Grant Read Access to Teleskope user

GRANT VIEW ANY DATABASE TO teleskope_ro;

DECLARE @sql NVARCHAR(MAX);
SET @sql = '';

-- Generate the dynamic SQL for each database
SELECT @sql += 
    'USE [' + name + ']; 
    GRANT SELECT TO teleskope_ro;
    GRANT VIEW DATABASE STATE TO teleskope_ro;' + CHAR(13)
FROM sys.databases
WHERE state = 0 AND name NOT IN ('tempdb', 'model', 'msdb'); -- Exclude system databases

-- Execute the generated SQL
EXEC sp_executesql @sql;

hashtag
Grant Write Access to Teleskope user (optional)

DECLARE @sql NVARCHAR(MAX);
SET @sql = '';

-- Generate the dynamic SQL for each database
SELECT @sql += 
    'USE [' + name + ']; 
     GRANT UPDATE TO teleskope_ro;
     GRANT DELETE TO teleskope_ro;' + CHAR(13)
FROM sys.databases
WHERE state = 0 AND name NOT IN ('tempdb', 'model', 'msdb'); -- Exclude system databases

-- Execute the generated SQL
EXEC sp_executesql @sql;
PreviousAzureNextAzure Database

Last updated

Was this helpful?