What additional role should I provision in an Azure resource group so that a contributor can see/accept/fix Azure SQL security recomendations?

azure azure-sql rbac

We are receiving security recommendations for one of our Azure SQL databases. I'm owner of the subscription and can see those recommendations in the Azure SQL Security Center. I would like to delegate the resolution to one of the resource group contributors, but the same recommendations doesn't appear to them.

What additional permissions an Azure resource group contributor needs to see/accept/fix alerts from an Azure SQL in that resource group?


To be able to see alerts in security centre you want to grant them the "security reader" role. If they need to dismiss alerts then this is a bit trickier as the only roles that have this are "Security Admin" or subscription contributor or owner. You can see the role definitions here. If you don't want to grant those roles you can create a custom role that has the "Microsoft.Security/locations/alerts/dismiss/action" permission.

To fix the issues in the alerts will come down to what needs to be done. The user fixing them will need to appropriate rights on the SQL Server to apply the fixes, but without knowing what they are it's difficult to say.

Related

firewalld configuration to make EC2 Amazon Linux 2 a NAT
VNC proxy-jump, possibly with ssh
How to save ssh-keyscan result with the port to .ssh/known_hosts
PHP session handler using redis not work
Rsync copies all files with executable permission
Network Policy Server error message 'Negotiation failed. No available EAP methods'
Why does youtube/chrome randomly resume play on paused video?
How to convert HTML into endless one-page PDF via wkhtmltopdf?
How to add a shortcut in OneNote 2013
Import/export or retrieve Thunderbird tags from IMAP server
How to prevent "source" in a bash script from passing the script's arguments?
How do I move the "details pane" to the bottom of "File Explorer" in Windows 10