Provisioning Access Controls for Synapse Analytics Dedicated SQL Pools

Question

Duncan is a security engineer at Contoso Corporation.

He is working on provisioning access controls for Synapse Analytics dedicated SQL pools.

He needs to give the group “Contoso-SQL-group” access to manage the databases using an Azure role-based access control (RBAC) policy.

The principle of least privilege has to be maintained during the access provisioning process.

What kind of RBAC policy can be set in this scenario?

Answers

A. SQL Server Contributor
B. SQL Security Manager
C. SQL Managed Instance Contributor
D. SQL DB Contributor

Correct Answer: D.

In this scenario, the security engineer Duncan needs to provision access controls for Synapse Analytics dedicated SQL pools in such a way that the principle of least privilege is maintained. He wants to provide access to the group “Contoso-SQL-group” to manage the databases.

Azure role-based access control (RBAC) is a security mechanism used to manage access to Azure resources. It grants users, groups, and applications permissions to access specific Azure resources. RBAC policies control the level of access that can be granted to these entities.

To select the appropriate RBAC policy, we need to understand the roles and permissions that each of the options provides.

A. SQL Server Contributor: This RBAC policy provides permissions to manage the SQL Server resources in the Azure portal. It includes permissions to create, read, update, and delete SQL Server resources. However, it does not provide permissions to manage databases within the SQL Server.

B. SQL Security Manager: This RBAC policy provides permissions to manage security-related aspects of SQL Server resources in the Azure portal. It includes permissions to create, read, update, and delete security-related resources such as logins, users, and permissions. However, it does not provide permissions to manage databases within the SQL Server.

C. SQL Managed Instance Contributor: This RBAC policy provides permissions to manage managed instances of SQL Server in the Azure portal. It includes permissions to create, read, update, and delete managed instances of SQL Server. However, it does not provide permissions to manage databases within the SQL Server.

D. SQL DB Contributor: This RBAC policy provides permissions to manage databases within the SQL Server in the Azure portal. It includes permissions to create, read, update, and delete databases within the SQL Server.

Based on the above information, we can conclude that the appropriate RBAC policy in this scenario would be SQL DB Contributor. This policy provides the necessary permissions to manage databases within the SQL Server, which is the requirement of the scenario. Additionally, it allows us to maintain the principle of least privilege by only granting the necessary permissions required for the group “Contoso-SQL-group” to manage the databases.
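The assignment described above, written as an Azure CLI sketch. This is an added example, not part of the original question or of any Contoso tooling. It assumes the dedicated SQL pool is hosted on a logical SQL server (`Microsoft.Sql/servers`); the subscription ID, resource group and server name are placeholders, and the helper function names are made up for illustration.

```shell
# Added example. Placeholders (assumptions): subscription ID, resource group, server name.
ROLE="SQL DB Contributor"
GROUP="Contoso-SQL-group"

# ARM resource ID of the logical SQL server hosting the dedicated SQL pool(s).
server_scope() {  # args: <subscription-id> <resource-group> <server-name>
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Sql/servers/%s' "$1" "$2" "$3"
}

# Least-privilege guard: accept a server scope or a single-database scope
# (<server scope>/databases/<pool>); reject subscription- and resource-group-wide scopes.
scope_is_narrow() {
  case "$1" in
    /subscriptions/?*/resourceGroups/?*/providers/Microsoft.Sql/servers/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Assign ROLE to GROUP at the given scope, only if the scope passes the guard
# and the assignment does not already exist there.
grant_db_contributor() {  # arg: <scope>
  scope="$1"
  if ! scope_is_narrow "$scope"; then
    echo "refusing scope broader than a SQL server: $scope" >&2
    return 2
  fi
  # Object ID of the Microsoft Entra group ("id" in current Azure CLI releases).
  gid="$(az ad group show --group "$GROUP" --query id -o tsv)" || return 1
  existing="$(az role assignment list --assignee "$gid" --role "$ROLE" \
                --scope "$scope" --query '[].id' -o tsv)" || return 1
  if [ -n "$existing" ]; then
    echo "assignment already present at $scope"
    return 0
  fi
  az role assignment create --assignee-object-id "$gid" \
    --assignee-principal-type Group --role "$ROLE" --scope "$scope" --output none
}

# Usage (after `az login`):
#   grant_db_contributor "$(server_scope "<subscription-id>" "<resource-group>" "<server-name>")"
```

The role covers management of the database resources through Azure Resource Manager; access to the data inside a pool is granted separately with database users and roles.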