Azure SQL Vulnerability assessment finding for ipv6_database_firewall_rules

backtothefuture 91 Reputation points

I had one database (so far) raise this finding "VA1054 - Excessive permissions should not be granted to PUBLIC role on objects or columns" in respect of system view [sys].[ipv6_database_firewall_rules].

I don't know this but I presume this is a new MS view, and the VA script maybe hasn't been updated to accept it as a default PUBLIC permission; can anyone confirm ?


Azure SQL Database
{count} votes

Accepted answer
  1. Alberto Morillo 32,706 Reputation points MVP

    At this moment all I can say is that the [sys].[ipv6_database_firewall_rules] view is not related to any current feature or setting in use by Azure SQL Azure. Maybe in the future it could be related to new Azure SQL database features. So the finding can be dismissed as Azure SQL database cannot listen on IPv6 at the moment.

    You can also revoke any permissions granted to PUBLIC on that object to avoid this finding to appear on VA assessments.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful