Hi Kenneth Robinson,
Welcome to Microsoft Q&A forum.
As I understand it, you want to set up Azure SQL Server so that a group of users can connect securely.
In Azure SQL Database, the server is a logical concept and permissions can't be granted at the server level. To simplify permission management, Azure SQL Database provides a set of fixed server-level roles to help you manage the permissions on a logical server. Roles are security principals that group logins.
These special fixed server-level roles use the prefix ##MS_ and the suffix ## to distinguish them from other regular user-created principals.
Like SQL Server on-premises, server permissions are organized hierarchically. The permissions that are held by these server-level roles can propagate to database permissions. For the permissions to be effectively useful at the database level, a login needs to either be a member of the server-level role ##MS_DatabaseConnector##, which grants CONNECT to all databases, or have a user account in individual databases. This also applies to the virtual master database.
For example, the server-level role ##MS_ServerStateReader## holds the permission VIEW SERVER STATE. If a login that is a member of this role has a user account in the databases master and WideWorldImporters, this user has the permission VIEW DATABASE STATE in those two databases.
For more information on Azure SQL Database logins and users, see Authorize database access to SQL Database, SQL Managed Instance, and Azure Synapse Analytics.
This should help. Let us know if you have a different ask.
Thanks
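
The ##MS_ServerStateReader## scenario from the answer above, written out as T-SQL. This is an added example, not part of the original answer; the login name state_reader is hypothetical and the password is a placeholder to replace.

```sql
-- Added example. Azure SQL Database does not support USE to switch
-- databases, so each section runs on its own connection.

-- === Connection 1: virtual master database, as the server admin ===

-- Hypothetical login; replace the placeholder with a generated secret.
CREATE LOGIN state_reader WITH PASSWORD = '<strong-password-placeholder>';

-- Membership in the fixed server-level role carries VIEW SERVER STATE.
ALTER SERVER ROLE ##MS_ServerStateReader## ADD MEMBER state_reader;

-- A user account in master, so the role's permission applies there too.
CREATE USER state_reader FROM LOGIN state_reader;

-- Audit: list every login that is a member of a server-level role.
SELECT m.name AS member_login,
       r.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r
    ON srm.role_principal_id = r.principal_id
JOIN sys.sql_logins AS m
    ON srm.member_principal_id = m.principal_id
ORDER BY r.name, m.name;

-- === Connection 2: WideWorldImporters, as the server admin ===

-- Without this user (or membership in ##MS_DatabaseConnector##) the
-- login cannot connect to the database at all, so the server-level
-- permission would have no effect here.
CREATE USER state_reader FROM LOGIN state_reader;

-- === Connection 3: master or WideWorldImporters, as state_reader ===

-- Expect 1: VIEW SERVER STATE propagates to VIEW DATABASE STATE in
-- each database where the login has a user account.
SELECT DB_NAME() AS database_name,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'VIEW DATABASE STATE')
           AS can_view_database_state;

-- === Cleanup when access is no longer needed (master, as admin) ===
-- ALTER SERVER ROLE ##MS_ServerStateReader## DROP MEMBER state_reader;
```

Running the audit query on a schedule gives a simple review list of which logins hold server-level roles.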