0

In Azure, is there a way to create a custom role or enforce a policy to only allow users to create databases inside an elastic pool?

I tried with a custom role with the "Microsoft.Sql/servers/databases/write" in "NotActions" section, but this permission is also needed to create databases inside Elastic Pool. I have not yet tried with policies, because i'm still learning how define them.

I also tried with "SQL Server Contributor" and "SQL DB Contributor" roles, but neither suits our needs.

The idea is to restrict the creation of new single databases, Sql servers or pools to certain users.

Improve this question
1
  • While you may not be able to prevent it, if you are concerned about how new databases are created, it may be worth creating a policy that flags and alerts when new databases are created so that they can be reviewed. Commented May 12, 2019 at 16:45

1 Answer 1

Reset to default
1

No, it's not currently possible to achieve this I'm afraid. The permissions and policies don't differentiate between a standalone DB and a pool.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.