Share via

Security for small business

Kenneth Robinson 0 Reputation points
2024-03-20T22:15:29.2033333+00:00

I have setup a sql server database in Azure connecting via a VB.net application and am confused on the best way for a small group of users to connect. They also travel so they need a secure and convenient way to connect. I have been told to use Entra ID however this seems complex…

Regards,

Ken

Azure SQL Database
Microsoft Security | Microsoft Entra | Microsoft Entra ID

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SSingh-MSFT 16,461 Reputation points Moderator
    2024-03-21T13:29:03.09+00:00

    Hi Kenneth Robinson,

    Welcome to Microsoft Q&A forum.

    As I understand, you want to setup Azure SQL Server to connect by group of users securely.

    In Azure SQL Database, the server is a logical concept and permissions can't be granted at the server level. To simplify permission management, Azure SQL Database provides a set of fixed server-level roles to help you manage the permissions on a logical server. Roles are security principals that group logins.

    These special fixed server-level roles use the prefix ##MS_ and the suffix ## to distinguish from other regular user-created principals.

    Like SQL Server on-premises, server permissions are organized hierarchically. The permissions that are held by these server-level roles can propagate to database permissions. For the permissions to be effectively useful at the database level, a login needs to either be a member of the server-level role ##MS_DatabaseConnector##, which grants CONNECT to all databases, or have a user account in individual databases. This also applies to the virtual master database.

    For example, the server-level role ##MS_ServerStateReader## holds the permission VIEW SERVER STATE. If a login who is member of this role has a user account in the databases master and WideWorldImporters, this user has the permission VIEW DATABASE STATE in those two databases.

    For more information on Azure SQL Database logins and users, see Authorize database access to SQL Database, SQL Managed Instance, and Azure Synapse Analytics.

    Refer: https://learn.microsoft.com/en-us/azure/azure-sql/database/security-server-roles?view=azuresql&source=recommendations

    This should help, let us know if you have a different ask.

    Thanks

    0 comments
  2. Carlos Solís Salazar 18,291 Reputation points MVP Volunteer Moderator
    2024-03-23T18:55:00.4133333+00:00

    You can use an app service to place your code, and the app service connects to the DB via RBAC, your users would connect to the application using their login ID using an App Registration.

    if this answer helped you, please consider accepting it.

    0 comments
  3. SSingh-MSFT 16,461 Reputation points Moderator
    2024-03-27T04:20:02.2233333+00:00

    Hi Kenneth Robinson,

    Thanks for the reply.

    Could you please raise support case for deeper analysis of your scenario by dedicated engineer so that they can help out.

    Let us know if you face any issue in doing the same.

    Thanks

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.