Security Context

A design goal for the Zeaware Monitor for Power BI solution was to avoid the need to store user names and passwords to ensure optimal application security. To achieve this Zeaware Monitor for Power BI should be configured to run in the security context of a Managed Identity.

Managed Identity

We recommend that a User Assigned Managed Identity be created for the purpose of running the Zeaware Monitor for Power BI solution. This is created in Azure Active Directory and assigned as the security context for the Azure Container Instance service.

While a System Assigned Managed Identity can also be used, if you recreate the container instance this will require re-applying the permissions as the managed identity will change. A User Assigned Managed Identity allows you to reassign the managed identity to the container if you recreate the container.

User Access

We recommend that user access is constrained to access the monitoring data via the Zeaware Monitor for Power BI dashboards. We also recommend that all user authentication is carried out via Azure Activity Directory.

Permissions

The following permission topics are covered in this section:

SQL Server Permissions

This page describes the permissions that are required to be granted to allow application and user access to the monitoring database.