Hi Mitesh Prajapati
If you're having trouble seeing your databases on the Database Watcher dashboard while using SQL authentication, it’s important to double-check that you've completed all the necessary configuration steps.
Key Vault Configuration:
- First things first, make sure you're using an Azure Key Vault that’s set up with the RBAC permission.
- If you need private connectivity, don’t forget to create and approve a private endpoint to the vault.
- For public connectivity, ensure that the vault is configured to allow access from all networks, as restricting it to specific networks isn’t supported.
SQL Authentication Setup:
- You’ll need to create a SQL authentication login on each Azure SQL logical server or managed instance that you want to monitor.
- To grant limited permissions, run the following T-SQL script in the master database as a server admin:
CREATE LOGIN [login-name-placeholder] WITH PASSWORD = 'password-placeholder';
ALTER SERVER ROLE ##MS_ServerPerformanceStateReader## ADD MEMBER [login-name-placeholder];
ALTER SERVER ROLE ##MS_DefinitionReader## ADD MEMBER [login-name-placeholder];
ALTER SERVER ROLE ##MS_DatabaseConnector## ADD MEMBER [login-name-placeholder];
Secrets in Azure Key Vault:
- Next, create two secrets: one for the login name and another for the password (for example, database-watcher-login-name and database-watcher-password).
- Make sure you have the Key Vault Secrets Officer role to create these secrets.
Add SQL Target in Database Watcher:
When you’re adding a SQL target, remember to:
- Check the box for "Use SQL authentication."
- Select the appropriate Key Vault.
- Enter the secret names (not the actual login or password) for both the login name and password.
Permissions to Access Secrets:
If the current user isn’t an Owner or User Access Administrator on the vault, you’ll need to manually grant the watcher’s managed identity access:
- Navigate to Access Control (IAM) on each secret. >> Assign the Key Vault Secrets User role to the watcher’s managed identity.
By carefully following these steps, your databases should start showing up in the Database Watcher dashboard.