Azure SQL

Requirements

Within Azure, an Entra App was created and configured as described here
Within Teleskope, you have a Teleskope Account with the Admin role

Permissions

Grant the Teleskope App the following roles:

Grant the Teleskope app the following role:

SQL Server Contributor
SQL Managed Instance Contributor

Create a Teleskope user on each database

Teleskope Database User

For each SQL instance you would like to scan using Teleskope, you will need to create/provide credentials for a database user, and grant that user permissions.

Create Teleskope User

Create Database User (Without IAM Authentication)

CREATE LOGIN teleskope WITH PASSWORD = '****PASSWORD****';
CREATE USER teleskope FOR LOGIN teleskope;

Grant Read Access to Teleskope user

GRANT VIEW ANY DATABASE TO teleskope_ro;

DECLARE @sql NVARCHAR(MAX);
SET @sql = '';

-- Generate the dynamic SQL for each database
SELECT @sql += 'USE [' + name + ']; GRANT SELECT TO teleskope_ro;' + CHAR(13)
FROM sys.databases
WHERE state = 0 AND name NOT IN ('master', 'tempdb', 'model', 'msdb'); -- Exclude system databases

-- Execute the generated SQL
EXEC sp_executesql @sql;

Grant Write Access to Teleskope user (optional)

DECLARE @sql NVARCHAR(MAX);
SET @sql = '';

-- Generate the dynamic SQL for each database
SELECT @sql += 
    'USE [' + name + ']; 
     GRANT UPDATE TO teleskope_ro;
     GRANT DELETE TO teleskope_ro;' + CHAR(13)
FROM sys.databases
WHERE state = 0 AND name NOT IN ('master', 'tempdb', 'model', 'msdb'); -- Exclude system databases

-- Execute the generated SQL
EXEC sp_executesql @sql;

PreviousAzure NextAzure Database

Last updated 2 months ago

Was this helpful?

Azure SQL

Requirements

Within Azure, an Entra App was created and configured as described here
Within Teleskope, you have a Teleskope Account with the Admin role

Permissions

Grant the Teleskope App the following roles:

Grant the Teleskope app the following role:

SQL Server Contributor
SQL Managed Instance Contributor

Create a Teleskope user on each database

Teleskope Database User

For each SQL instance you would like to scan using Teleskope, you will need to create/provide credentials for a database user, and grant that user permissions.

Create Teleskope User

Create Database User (Without IAM Authentication)

CREATE LOGIN teleskope WITH PASSWORD = '****PASSWORD****';
CREATE USER teleskope FOR LOGIN teleskope;

Grant Read Access to Teleskope user

GRANT VIEW ANY DATABASE TO teleskope_ro;

DECLARE @sql NVARCHAR(MAX);
SET @sql = '';

-- Generate the dynamic SQL for each database
SELECT @sql += 'USE [' + name + ']; GRANT SELECT TO teleskope_ro;' + CHAR(13)
FROM sys.databases
WHERE state = 0 AND name NOT IN ('master', 'tempdb', 'model', 'msdb'); -- Exclude system databases

-- Execute the generated SQL
EXEC sp_executesql @sql;

Grant Write Access to Teleskope user (optional)

DECLARE @sql NVARCHAR(MAX);
SET @sql = '';

-- Generate the dynamic SQL for each database
SELECT @sql += 
    'USE [' + name + ']; 
     GRANT UPDATE TO teleskope_ro;
     GRANT DELETE TO teleskope_ro;' + CHAR(13)
FROM sys.databases
WHERE state = 0 AND name NOT IN ('master', 'tempdb', 'model', 'msdb'); -- Exclude system databases

-- Execute the generated SQL
EXEC sp_executesql @sql;

PreviousAzure NextAzure Database

Last updated 2 months ago

Was this helpful?