VA2108 - Minimal set of principals should be members of fixed high impact database roles

09574923 0 Reputation points
2023-09-05T15:27:17.05+00:00

Hi Everyone,

I need some help resolving the following errors I am noticing in the attached screenshot below. Can someone help me here? What does "not in a baseline" mean?

User's image

Azure SQL Database

2 answers

  1. Alberto Morillo 33,251 Reputation points MVP
    2023-09-05T16:32:55.5233333+00:00

    Those principals listed in the Principal column are part of the fixed database roles listed in the Role column. Make sure they need those permissions; if they do, then accept them as baseline. However, what the rule wants you to do is try to create custom roles on Azure SQL and use custom roles to give those principals only the permissions required for the tasks they need to perform instead of adding them to fixed roles.

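The approach described in the answer above, shown as an added T-SQL example that is not part of the original thread: review fixed-role membership, then move one principal to a custom role. The names `app_reporting`, `sales` and `app_user`, the choice of `db_owner` as the role being left, and the granted permissions are all hypothetical.

```sql
-- Run in the user database that the scan flagged.

-- 1. Review who is currently a member of a fixed database role.
--    dbo is excluded because it is always a member of db_owner.
SELECT r.name      AS role_name,
       m.name      AS principal_name,
       m.type_desc AS principal_type
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
  ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
  ON m.principal_id = drm.member_principal_id
WHERE r.is_fixed_role = 1
  AND m.name <> N'dbo'
ORDER BY r.name, m.name;

-- 2. Create a custom role holding only the permissions the task needs.
--    (Hypothetical: read and execute on one schema.)
CREATE ROLE [app_reporting];
GRANT SELECT, EXECUTE ON SCHEMA::[sales] TO [app_reporting];

-- 3. Add the principal to the custom role first, then remove it from
--    the fixed role, so it never ends up with no access at all.
ALTER ROLE [app_reporting] ADD MEMBER [app_user];
ALTER ROLE [db_owner] DROP MEMBER [app_user];

-- 4. Confirm the roles this principal now belongs to.
SELECT r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
  ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
  ON m.principal_id = drm.member_principal_id
WHERE m.name = N'app_user';

-- 5. List what the custom role has been granted.
SELECT pe.state_desc, pe.permission_name, pe.class_desc,
       SCHEMA_NAME(pe.major_id) AS schema_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS r
  ON r.principal_id = pe.grantee_principal_id
WHERE r.name = N'app_reporting'
  AND pe.class_desc = N'SCHEMA';
```

Memberships that step 1 still returns and that are genuinely required are the ones to accept as baseline on the next scan.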

  2. GeethaThatipatri-MSFT 28,537 Reputation points Microsoft Employee
    2023-09-07T15:41:45.35+00:00

    Hi @09574923, thanks for posting your question in the Microsoft Q&A forum.

    Adding to @Alberto Morillo: these are not errors; these are the vulnerabilities that were found in rule VA2108. Please read our documentation about baselines and vulnerabilities remediation.

    Regards

    Geetha
