There are a number of ways to restrict access, but as you are trying to keep costs low, they may not be suitable for you.
One way that you could approach this is to create an additional user in your Azure subscription for the examiner and provide that account with permissions to update your firewall and add their own IP Address at the time of access.
To do this, you should first of all ensure that your SQL Server resource is the only resource within your Resource Group. This lets you be granular with your controls as you need to assign some high-level permissions. Once you have this configured, you can add your examiner's Azure AD identity to the SQL Server Contributor and SQL Server Security Manager IAM Roles scoped to the Resource Group only. Then add the examiner's Azure AD identity to the Owner IAM Role scoped to the Resource Group only.
Be aware that this does provide the examiner with highly privileged access within your Azure subscription, but only scoped to the Resource Group with your SQL Server. They will then be prompted when they connect to log in to your Azure Subscription and add their IP Address to the firewall rules.
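The role assignments described in this answer, as an added Azure CLI example that is not part of the original answer. The subscription ID, resource group name and examiner account are placeholders, the role names used are Azure's built-in "SQL Server Contributor", "SQL Security Manager" and "Owner", and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: give the examiner roles scoped to ONE resource group only.
# Placeholder values (assumptions, not from the original answer):
SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"
RESOURCE_GROUP="rg-sql-exam"
EXAMINER="examiner@example.com"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az commands, 0 = execute them

# Resource ID of the resource group, used as --scope for every assignment.
rg_scope() {
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Execute a command, or print it as a preview (quoting is not preserved).
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# List what lives in the resource group; it should hold only the SQL server
# and its databases, because Owner applies to everything inside it.
check_rg_contents() {
  run az resource list --resource-group "$RESOURCE_GROUP" \
    --query "[].{name:name,type:type}" --output table
}

# Create the three role assignments at resource-group scope,
# never at subscription scope.
grant_examiner_roles() {
  scope="$(rg_scope "$SUBSCRIPTION_ID" "$RESOURCE_GROUP")"
  for role in "SQL Server Contributor" "SQL Security Manager" "Owner"; do
    run az role assignment create --assignee "$EXAMINER" \
      --role "$role" --scope "$scope"
  done
}

# Audit: every assignment the examiner holds anywhere in the subscription.
list_examiner_assignments() {
  run az role assignment list --assignee "$EXAMINER" --all --output table
}

# Remove the examiner's assignments on the resource group when access ends.
revoke_examiner_roles() {
  run az role assignment delete --assignee "$EXAMINER" \
    --scope "$(rg_scope "$SUBSCRIPTION_ID" "$RESOURCE_GROUP")"
}

check_rg_contents
grant_examiner_roles
list_examiner_assignments
# revoke_examiner_roles   # run once the examiner no longer needs access
```

Reviewing the output of `list_examiner_assignments` confirms that no assignment for the examiner exists above the resource group.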