This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 56.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBD%3C/text%3E%3C/svg%3E)
I was curious if this snippet was a poor security suggestion
"To run LRS, you must have one of the following Azure role-based access control (RBAC) role: Subscription Owner, SQL Managed Instance Contributor, or a custom role with the permission Microsoft.Sql/managedInstances/databases/*."
Subscription Owner has much more permissions than SQL MI Contributor to my understanding, so shouldn't that be the primary suggestion made for RBAC purposes?
https://learn.microsoft.com/en-us/training/modules/migrate-sql-workloads-azure-managed-instances/3-use-log-replay
I edited, but it appears that the edits aren't appearing and it will not accept them, pasting the updated version below:
I was curious if this snippet was a poor security suggestion
"To run LRS, you must have one of the following Azure role-based access control (RBAC) role: Subscription Owner, SQL Managed Instance Contributor, or a custom role with the permission Microsoft.Sql/managedInstances/databases/*."
Subscription Owner has much more permissions than SQL MI Contributor to my understanding, so shouldn't that be the primary suggestion made for RBAC purposes?
https://learn.microsoft.com/en-us/training/modules/migrate-sql-workloads-azure-managed-instances/3-use-log-replay
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 3%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Hi Blake Deckard,
Thank you for reaching out to us on the Microsoft Q&A forum.
Yes, Subscription Owner has much more permissions, but also the based as per the requirements the Azure role-based access control (RBAC) roles will be assigned.
In certain situations, not everyone possesses owner access. In such cases, learners have the option to select alternative access privileges like (Contributor, or a custom role with the permissions)
If the information is helpful, please accept the answer by clicking the "Accept Answer" on the post. If you are still facing any issue, please let us know in the comments. We are happy to help you.
Thank you.
Hi Blake Deckard,
Just checking in to see if you had a chance to see my response to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.
Thank you.
Hi Blake Deckard,
Hope you are doing good.
Just checking in to see if you had a chance to see my response to your question. Please tell us if it was helpful and feel free to reach out to us if you have any queries.
Thank you.
Hi @Mahesh Goud Juvvadi Thank you for your response! I ended up submitting a PR to the docs to have this updated as the role suggestion was overly permissive for what the docs were trying to achieve. This PR was accepted and is now merged and this question should no longer reply.
I ended up submitting a PR to the docs to have this updated as the role suggestion was overly permissive for what the docs were trying to achieve. This PR was accepted and is now merged and this question should no longer reply.