This is a part of series “Stairway to being an Azure SQL DBA“, where I will be covering all the topics that an Azure SQL DBA should know about.
In the previous blogs we learned about Server Admin and AD Admin and how to connect using SQL Authentication and AD authentication. In this blog we’ll learn about the different roles (database and SQL Server) available for Azure SQL Database.
Once connected to the Azure SQL Database using the admin account (mine is shwetanksi) it looks like below:
As you can see you have the option of creating Logins but there isn’t anything like Server Roles.
When any new Login is created it is created inside the master database. If you need to provide administrative privileges, not similar to Server and AD admin, but the ones which can create logins and databases then you need to create a user in master database and add that to dbmanager or loginmanager role.
dbmanager: This role provides the authority to create and delete databases. By default being a member of this role doesn’t provides access to any database, but if you create a user for the Login having this permission they will be able to delete that database too. This login when creates a new database will also be the owner of that database.
loginmanager: They can create and delete logins in the virtual master database.
Rest all the database role exists for each database. Below is the database role options in master database, user databases have all the Database roles except dbmanager and loginmanager.
I hope it helps!