Supported Features
The Microsoft SQL Server source supports the following features:
-
Account Management
-
Aggregate Microsoft SQL Server Windows Service account as the following:
-
Managed service accounts
-
Group-managed service accounts
-
Virtual accounts
-
For more information, refer to Microsoft SQL Server Windows Service Account.
-
-
*Password Management
-
*Provisioning
-
*Access Certifications (certification of entitlements connected to accounts)
-
Aggregate Windows Active Directory groups created on the Microsoft SQL server
For more information on features, refer to Identity Security Cloud Source Features.
Note
Features marked with an asterisk (*) must be purchased and activated. This is an advanced connector for entitlements, provisioning, and password management. Please open a support ticket for assistance.
The Microsoft SQL Server source supports the Always-On feature of the Microsoft SQL Server target systems.
Direct Permissions
-
The Microsoft SQL Server source supports the direct permissions:
-
Permissions directly assigned to accounts and groups as direct permissions during accounts and entitlement aggregation respectively
-
Revocation of the aggregated permissions for accounts through certification
-
-
Perform the following steps to enable direct permissions and their aggregation, for the account or the group schema of your Microsoft SQL Server source.
Use listSources API to get source ID for your source.
Use listSchemas API to get schema ID for the account or group schema for which you want to enable direct permissions.
Use updateSchema API and enter the following content in body.
[
{ "op": "add", "path": "/includePermissions", "value": true }
]
-
Following targets are supported:
-
DATABASE
-
SERVER
-
PROCEDURE
-
ASYMMETRIC_KEY
-
SYMMETRIC_KEYS
-
USER
-
CERTIFICATE_MAPPED_USER
-
DATABASE_ROLE
-
For example,
GRANT CONNECT on 'databaselogin@databasename:DATABASE'
GRANT CONNECT SQL on 'serverloginname:SERVER'