Azure SQL Vulnerability assessment finding for ipv6_database_firewall_rules

backtothefuture 91 Reputation points
2021-11-25T11:05:32.857+00:00

I had one database (so far) raise this finding "VA1054 - Excessive permissions should not be granted to PUBLIC role on objects or columns" in respect of system view [sys].[ipv6_database_firewall_rules].

I don't know this but I presume this is a new MS view, and the VA script maybe hasn't been updated to accept it as a default PUBLIC permission; can anyone confirm ?

Thanks!

Azure SQL Database
{count} votes

Accepted answer
  1. Alberto Morillo 24,721 Reputation points Microsoft MVP
    2021-11-29T20:41:38.12+00:00

    At this moment all I can say is that the [sys].[ipv6_database_firewall_rules] view is not related to any current feature or setting in use by Azure SQL Azure. Maybe in the future it could be related to new Azure SQL database features. So the finding can be dismissed as Azure SQL database cannot listen on IPv6 at the moment.

    You can also revoke any permissions granted to PUBLIC on that object to avoid this finding to appear on VA assessments.


0 additional answers

Sort by: Most helpful