In Azure Portal to user - how to disable the Data Explorer in Azure Cosmos DB service.
I guess what you are looking for is to restrict users from executing query on Azure portal. You can have a look at different roles available and control the access level accordingly. In this case what you need is Cosmos DB Operator
Can provision Azure Cosmos accounts, databases, and containers. Cannot
access any data or use Data Explorer.
Related
We have an Azure Cosmos Db where it would be beneficial to allow some testers access to the database. I'm struggling finding which permissions should be granted so they could view the data in database without giving them Contributor permissions. The access could be through the Azure portal or through cosmos.azure.com.
based on your requirement , it looks like you need to provide the role as "Cosmos DB Account Reader"
Can read Azure Cosmos DB account data.
Apparently Cosmos DB Account Reader permission is enough when the Data Explorer is accessed through the Azure portal. When the user is opening cosmos.azure.com, however, that permission is not enough.
I need to get pricing details for SQL Server and Storage account in my application. I have found this url - https://learn.microsoft.com/en-us/rest/api/cost-management/retail-prices/azure-retail-prices#api-endpoint but this works for Azure Virtual Machines. Will the same API work for other resources? How can I get details for SQL Server and Storage Account using same API?
You can use the below api's to get the required details :
Databases :
You can get SQL database (serverless,single server etc.) ,
Database for PostgreSQL etc.
https://prices.azure.com/api/retail/prices?api-version=2021-10-01-preview&$filter=serviceFamily eq 'Databases'
Storage Account:
This depends on what you want to create and store and the redundancy
as well which is the same when you select from the drop down of
Pricing Calculator
https://prices.azure.com/api/retail/prices?api-version=2021-10-01-preview&$filter=serviceFamily eq 'Storage'
This article says that an Azure subscription owner has access to all the resources in the subscription. However to get access to an Azure database, one must either be a user in the database, or be part of the Azure Admin AD group.
Can a subscription owner access the database regardless of the SQL security? If so, how?
The article you refer to gives a very high-level overview on RBAC roles provided in Azure.
It is important to understand these built-in roles that give access to the resources (the management plane) vs those that give access to the resource data (the data plane).
For example, many built-in roles give users access to data, for example: Storage and KeyVault.
As for databases, it all depends on the type of database engine your refer to. Each have specific particularities in terms of roles and permissions.
SQL Database is managed right in the SQL server. This link provides additional details on how this is done. SQL Database
Other modern database engines, such as Cosmos DB, come with different Azure Built-in roles (just like Key Vault or Storage). See this link in order to give you a better idea on the roles and permissions assigned for each roles. Role-based access control in Azure Cosmos DB
Is there any way to change the region for a Azure SQL server/database from one geographical region to another region?
I have a deleted database which I cannot restore as I get "MSDN subscriptions are restricted from provisioning in this region. Please choose a different region. For exceptions to this rule please contact Microsoft Support."
The Server was originally setup in US-West region with a VS MSDN Subscription.
To answer the ways to change region from Azure SQL database, there are mutiple options -
Configure active geo-replication for Azure SQL Database in the Azure portal and initiate failover
Copy an Azure SQL database
Export an Azure SQL database to a BACPAC file
Set up SQL Data Sync (Preview)
However, based on the error if there is limitation on specific region and you have strict requirement to have database in same region you may need to work with Azure support on it.
Please let me know is there any way to programmatic-ally link the resources(sql database or storage account) to my Azure cloud service.
This is a vague question, but... Windows Azure SQL Database and Windows Azure Storage are both services you simply consume - grab an endpoint and connect. That's the link. Very loose coupling. For SQL Database, it's just like accessing an on-premises database: open a connection via connection string and start working with the database.
For Windows Azure Storage, you can connect to any storage account you create, even ones in different subscriptions, as long as you have the account name and access key.
If there's something more specific you're looking for, you'll need to post a more specific question.