LogoLogo
  • Getting Started
    • Welcome to Teleskope.ai
    • Your Journey with Teleskope
  • The Platform
    • Data Catalog
    • Data Subject Rights
      • Integrations
      • Enroll Third Party Integrations
        • Amplitude
        • Google Analytics
        • Salesforce
        • Bazaar Voice
      • Enroll Structured Databases
      • Deletion Methods
    • Policy Maker
    • Issues
    • API Service
      • Scanning API
        • v1/classify
        • v1/classifyCollection
        • v1/scan
      • Redaction API
        • v1/scrub
      • Data Subject Rights
        • GET v1/dsr/requests
        • POST v1/dsr/requests
      • Metadata
        • v1/aws/rds
        • v1/aws/s3
        • v1/snowflake
        • v1/snowflake/users
        • v1/gcp/bigquery
        • v1/gcp/cloudstorage
        • v1/gcp/cloudsql
  • Setup
    • Deployment
    • Role Based Access Control
    • SSO
      • Okta
      • Microsoft Entra
      • Google Auth
  • Specifications
    • Data Store Coverage
    • Compliance Frameworks
    • Redaction Methodologies
    • Data Elements
  • Connectors
    • AWS
      • Athena
      • RDS
      • DynamoDB
      • Redshift
      • S3
      • SNS
      • SQS
    • GCP
      • Cloud Storage
      • Grant Teleskope Access to BigQuery
      • CloudSQL
      • Grant Teleskope Access to CloudLogging
    • SaaS
      • Github
      • Google Drive
      • Jira
      • Segment
      • Zendesk
      • DropBox
      • Box
      • Bitbucket
      • Slack
      • Sharepoint Online
    • Snowflake
    • Azure
      • Azure SQL
      • Azure Database
      • Blob Storage
      • CosmosDB
      • Synapse
    • Databricks
  • DSR
  • Alerting Integrations
    • Slack
    • Tines
Powered by GitBook
On this page
  • Requirements
  • Permissions

Was this helpful?

  1. Connectors
  2. Azure

Azure SQL

PreviousAzureNextAzure Database

Last updated 2 months ago

Was this helpful?

Requirements

  • Within Azure, an Entra App was created and configured as described

  • Within Teleskope, you have a Teleskope Account with the Admin role

Permissions

1

Grant the Teleskope App the following roles:

Grant the Teleskope app the following role:

  • SQL Server Contributor

  • SQL Managed Instance Contributor

2

Create a Teleskope user on each database

Teleskope Database User

For each SQL instance you would like to scan using Teleskope, you will need to create/provide credentials for a database user, and grant that user permissions.

Create Teleskope User

Create Database User (Without IAM Authentication)

CREATE LOGIN teleskope WITH PASSWORD = '****PASSWORD****';
CREATE USER teleskope FOR LOGIN teleskope;

Grant Read Access to Teleskope user

GRANT VIEW ANY DATABASE TO teleskope_ro;

DECLARE @sql NVARCHAR(MAX);
SET @sql = '';

-- Generate the dynamic SQL for each database
SELECT @sql += 'USE [' + name + ']; GRANT SELECT TO teleskope_ro;' + CHAR(13)
FROM sys.databases
WHERE state = 0 AND name NOT IN ('master', 'tempdb', 'model', 'msdb'); -- Exclude system databases

-- Execute the generated SQL
EXEC sp_executesql @sql;

Grant Write Access to Teleskope user (optional)

DECLARE @sql NVARCHAR(MAX);
SET @sql = '';

-- Generate the dynamic SQL for each database
SELECT @sql += 
    'USE [' + name + ']; 
     GRANT UPDATE TO teleskope_ro;
     GRANT DELETE TO teleskope_ro;' + CHAR(13)
FROM sys.databases
WHERE state = 0 AND name NOT IN ('master', 'tempdb', 'model', 'msdb'); -- Exclude system databases

-- Execute the generated SQL
EXEC sp_executesql @sql;
here