SQL Server Permissions
This page describes the permissions that are required to be granted to allow application and user access to the monitoring database.
Managed Identity
The Managed Identity is used by the monitoring service application to collect data and update the monitoring database. The Managed Identity will need read/write access to access the SQL Server database where monitoring data will be retained. To grant the required permissions perform the following steps:
- Grant Login access for the Managed Identity to the SQL Server host.
- Grant Database User access for the Managed Identity to the monitoring database.
- Add the Database User to the ZeawareMonitorService database role. This is pre-configured with the required permissions for the monitoring service. Note, this should not be used for general User access, instead use the process below.
User Access
Zeaware Monitor for Power BI is intended to be limited for use to authorized administrative users. Zeaware Monitor for Power BI has a single user security level, which allows viewing all meta data, configuration and audit logs associated with the Power BI environment being monitored. This may include allowing users to view details about Workspaces that they might not directly have access to via Power BI itself.
To grant users access to the monitoring database it is recommended that an Azure AD Group be configured for managing user access to the application. Once this is done you can:
- Grant Login access for the Azure AD User Group to the SQL Server host.
- Grant Database User access for the Azure AD User Group to the monitoring database.
- Add the Database User to the ZeawareMonitorUser database role. This is pre-configured with the required permissions for the monitoring service. Note, this should not be used for the monitoring service, instead use the process above.