
Azure SQL Database Security


Azure provides security measures for its customers at two different levels: the server level and the database level.

Server level means the Azure SQL server level, not the subscription level. The security features it includes are:

  • Access to the SQL database is restricted to certain user roles.
  • Server firewall rules can be set up so that only users with certain IP addresses are permitted to access and manage the database.
  • Azure SQL Database uses logins at the server level to authenticate user requests; it doesn't support Windows integrated authentication.
  • The master database has two roles: the loginmanager role (has permissions to create and manage logins) and the dbmanager role (has permissions to create and manage databases).


At the database level, some of the security features are:

  • Access can be extended to additional client IP addresses by adding firewall rules for individual databases.
  • GRANT, REVOKE, and DENY statements can be executed to assign permissions on database objects to users and roles in the database.
  • Permissions for several database roles are implemented at different levels; have a quick look at the above picture.
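
The server-level and database-level controls listed above, put side by side in an added T-SQL example that is not part of the original post. The rule names, IP addresses (documentation ranges), principals `ops_admin` and `report_reader`, the table `dbo.Salaries` and the password placeholder are all assumptions made for illustration.

```sql
-- Added example; names, IPs, the table and the password are constructed placeholders.

-- === Server level: run while connected to the master database ===
-- Server firewall rule: admits this IP range to every database on the server.
EXECUTE sp_set_firewall_rule
    @name = N'office-range',
    @start_ip_address = '203.0.113.10',
    @end_ip_address   = '203.0.113.20';

-- Server-level logins (SQL authentication).
CREATE LOGIN ops_admin     WITH PASSWORD = '<strong-password-placeholder>';
CREATE LOGIN report_reader WITH PASSWORD = '<strong-password-placeholder>';

-- A login needs a user in master before it can join a master database role.
CREATE USER ops_admin FROM LOGIN ops_admin;
ALTER ROLE dbmanager ADD MEMBER ops_admin;   -- may create and manage databases
-- (loginmanager is assigned the same way and allows managing logins.)

-- Review which ranges are open at the server level.
SELECT name, start_ip_address, end_ip_address FROM sys.firewall_rules;

-- === Database level: run while connected to the user database ===
-- Database firewall rule: admits one extra client to this database only.
EXECUTE sp_set_database_firewall_rule
    @name = N'reporting-host',
    @start_ip_address = '198.51.100.25',
    @end_ip_address   = '198.51.100.25';

-- Map the login to a database user, then scope its permissions.
CREATE USER report_reader FROM LOGIN report_reader;
GRANT SELECT ON SCHEMA::dbo TO report_reader;           -- read the whole schema
DENY  SELECT ON OBJECT::dbo.Salaries TO report_reader;  -- DENY wins over the GRANT

-- Review the effective grants and denies for the user.
SELECT pr.name, pe.state_desc, pe.permission_name, pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'report_reader';

-- Later: withdraw the schema grant once the access is no longer needed.
REVOKE SELECT ON SCHEMA::dbo FROM report_reader;
```

Azure SQL Database does not switch databases with `USE`, so the two halves run on separate connections: the first to `master`, the second to the user database.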
