VA2108 - Minimal set of principals should be members of fixed high impact database roles

Question

VA2108 - Minimal set of principals should be members of fixed high impact database roles

09574923 0

Hi Everyone,

I need some help resolving the following error's I am noticing in the attached screenshot below, can someone help me here? what does not in a baseline mean?

User's image

GeethaThatipatri-MSFT 21,476 Reputation points Microsoft Employee

2023-09-06T15:48:08.78+00:00

Hi, @09574923 I am checking to see if you got a chance to look into the below response. Please let us know if you have any further questions.

Regards

Geetha

GeethaThatipatri-MSFT 21,476 Reputation points Microsoft Employee

2023-09-06T15:48:08.78+00:00

Hi, @09574923 I am checking to see if you got a chance to look into the below response. Please let us know if you have any further questions.

Regards

Geetha

Answer 1

Those principals listed on the Principal column are part of the fixed database roles listed on the Role column. Make sure they need those permissions, if they do then accept them as baseline. However, what the rule wants you to do is try to create custom roles on Azure SQL and use custom roles to give those principals only the permissions required for the tasks they need to perform instead of adding them to fixed roles.

Answer 2

GeethaThatipatri-MSFT 21,476 Microsoft Employee

Hi, @09574923 Thanks for posting your question in the Microsoft Q&A forum.

Adding to @Alberto Morillo These are not errors, these are the vulnerabilities that were found in rule VA2108. Please read our documentation about baselines and vulnerabilities remediation.

Regards

Geetha

VA2108 - Minimal set of principals should be members of fixed high impact database roles

2 answers

Activity