Thank you for reaching out.
My understanding is that you are looking for the right role to give users the ability to create, delete, and update firewall rules.
To be able to create and manage IP firewall rules for the Azure SQL Server, you will need to either be:
- in the SQL Server Contributor role
- in the SQL Security Manager role
- the owner of the resource that contains the Azure SQL Server
- SQL Security Manager:
  - This role is designed to give access to security aspects of a SQL Server.
  - Users with this role can manage IP firewall rules for the Azure SQL Server.
  - They can create, delete, and update firewall rules directly from the Azure portal.
  - Importantly, this role provides the desired ability without granting other network-related access.
  - Assign this role to users who need to work with firewall rules for SQL Server resources.
- SQL Server Contributor:
  - This role provides more extensive permissions related to SQL Server management.
  - Users with this role can also manage firewall rules for SQL Server resources.
  - However, it includes additional permissions beyond just firewall rules.
  - If you want to limit access strictly to firewall rules, consider using the SQL Security Manager role instead.
Make sure to assign these roles at the appropriate scope (management group, subscription, resource group, or resource level) based on your organization’s requirements.
https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql
Hope that helps.
Regards,
Oury
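
The following is an added example, not part of the answer above: an Azure CLI sketch that assigns one of the two roles named in the answer at the narrowest scope it mentions (the single SQL server resource) and then lists the assignment to confirm it. The function names, subscription ID, resource group, server name and user are constructed placeholders.

```bash
#!/bin/sh
# Added example: grant firewall-rule management on ONE Azure SQL logical server.
# All IDs and names in the usage note at the bottom are constructed placeholders.

# Build the resource-level scope string for a SQL server.
# Args: <subscription-id> <resource-group> <server-name>
# Rejects input that would alter the scope path (bad GUID, empty part, "/").
sql_server_scope() {
  printf '%s' "$1" | grep -Eq \
    '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$' \
    || { echo "invalid subscription id" >&2; return 1; }
  for part in "$2" "$3"; do
    case "$part" in
      ""|*/*) echo "invalid name: '$part'" >&2; return 1 ;;
    esac
  done
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Sql/servers/%s\n' \
    "$1" "$2" "$3"
}

# Accept only the two built-in roles named in the answer.
check_role() {
  case "$1" in
    "SQL Security Manager"|"SQL Server Contributor") return 0 ;;
    *) echo "unexpected role: $1" >&2; return 1 ;;
  esac
}

# Assign the role at server scope, then list assignments there to confirm.
# Args: <assignee> <scope> [role]  (role defaults to the narrower one)
grant_firewall_admin() {
  fw_role="${3:-SQL Security Manager}"
  check_role "$fw_role" || return 1
  az role assignment create --assignee "$1" --role "$fw_role" --scope "$2" \
    || return 1
  az role assignment list --assignee "$1" --scope "$2" \
    --query "[].{role:roleDefinitionName, scope:scope}" --output table
}

# Usage (after `az login`):
#   scope=$(sql_server_scope 00000000-0000-0000-0000-000000000000 rg-data sqlsrv-example)
#   grant_firewall_admin user@example.com "$scope"
```

To see exactly which actions a role grants before assigning it, run `az role definition list --name "SQL Security Manager"`.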