Back to Operation

SQL Server Contributor

Azure Built-in Role

Role Information

Details and metadata

Role ID
6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
Type
BuiltInRole
Last Updated (Azure)
2022-04-28 19:00:53

Change History

Track all modifications to this role since 2025-12-15 01:08:16+00:00

2022-04-28 19:00:53 Initial Scan
View details 
{
  "properties": {
    "roleName": "SQL Server Contributor",
    "type": "BuiltInRole",
    "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Sql/locations/*/read",
          "Microsoft.Sql/servers/*",
          "Microsoft.Support/*",
          "Microsoft.Insights/metrics/read",
          "Microsoft.Insights/metricDefinitions/read"
        ],
        "notActions": [
          "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
          "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
          "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
          "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
          "Microsoft.Sql/servers/auditingSettings/*",
          "Microsoft.Sql/servers/databases/auditingSettings/*",
          "Microsoft.Sql/servers/databases/auditRecords/read",
          "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
          "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
          "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
          "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
          "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
          "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
          "Microsoft.Sql/servers/databases/securityMetrics/*",
          "Microsoft.Sql/servers/databases/sensitivityLabels/*",
          "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
          "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
          "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
          "Microsoft.Sql/servers/devOpsAuditingSettings/*",
          "Microsoft.Sql/servers/extendedAuditingSettings/*",
          "Microsoft.Sql/servers/securityAlertPolicies/*",
          "Microsoft.Sql/servers/vulnerabilityAssessments/*",
          "Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
          "Microsoft.Sql/servers/azureADOnlyAuthentications/write",
          "Microsoft.Sql/servers/externalPolicyBasedAuthorizations/delete",
          "Microsoft.Sql/servers/externalPolicyBasedAuthorizations/write"
        ],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2015-02-02T21:55:09.88Z",
    "updatedOn": "2022-04-28T19:00:53.996Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "SQL Server Contributor",
    "type": "BuiltInRole",
    "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Sql/locations/*/read",
          "Microsoft.Sql/servers/*",
          "Microsoft.Support/*",
          "Microsoft.Insights/metrics/read",
          "Microsoft.Insights/metricDefinitions/read"
        ],
        "notActions": [
          "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
          "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
          "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
          "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
          "Microsoft.Sql/servers/auditingSettings/*",
          "Microsoft.Sql/servers/databases/auditingSettings/*",
          "Microsoft.Sql/servers/databases/auditRecords/read",
          "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
          "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
          "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
          "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
          "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
          "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
          "Microsoft.Sql/servers/databases/securityMetrics/*",
          "Microsoft.Sql/servers/databases/sensitivityLabels/*",
          "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
          "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
          "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
          "Microsoft.Sql/servers/devOpsAuditingSettings/*",
          "Microsoft.Sql/servers/extendedAuditingSettings/*",
          "Microsoft.Sql/servers/securityAlertPolicies/*",
          "Microsoft.Sql/servers/vulnerabilityAssessments/*",
          "Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
          "Microsoft.Sql/servers/azureADOnlyAuthentications/write",
          "Microsoft.Sql/servers/externalPolicyBasedAuthorizations/delete",
          "Microsoft.Sql/servers/externalPolicyBasedAuthorizations/write"
        ],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2015-02-02T21:55:09.88Z",
    "updatedOn": "2022-04-28T19:00:53.996Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437"
}

Effective Permissions

Operations granted by this role (446 total)

Permission Patterns (from role definition)

Actions 10 patterns
Microsoft.Authorization/*/read Microsoft.Insights/alertRules/* Microsoft.ResourceHealth/availabilityStatuses/read Microsoft.Resources/deployments/* Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.Sql/locations/*/read Microsoft.Sql/servers/* Microsoft.Support/* Microsoft.Insights/metrics/read Microsoft.Insights/metricDefinitions/read
NotActions (excluded)
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* Microsoft.Sql/managedInstances/databases/sensitivityLabels/* Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* Microsoft.Sql/managedInstances/securityAlertPolicies/* Microsoft.Sql/managedInstances/vulnerabilityAssessments/* Microsoft.Sql/servers/auditingSettings/* Microsoft.Sql/servers/databases/auditingSettings/* Microsoft.Sql/servers/databases/auditRecords/read Microsoft.Sql/servers/databases/currentSensitivityLabels/* Microsoft.Sql/servers/databases/dataMaskingPolicies/* Microsoft.Sql/servers/databases/extendedAuditingSettings/* Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* Microsoft.Sql/servers/databases/securityAlertPolicies/* Microsoft.Sql/servers/databases/securityMetrics/* Microsoft.Sql/servers/databases/sensitivityLabels/* Microsoft.Sql/servers/databases/vulnerabilityAssessments/* Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* Microsoft.Sql/servers/devOpsAuditingSettings/* Microsoft.Sql/servers/extendedAuditingSettings/* Microsoft.Sql/servers/securityAlertPolicies/* Microsoft.Sql/servers/vulnerabilityAssessments/* Microsoft.Sql/servers/azureADOnlyAuthentications/delete Microsoft.Sql/servers/azureADOnlyAuthentications/write Microsoft.Sql/servers/externalPolicyBasedAuthorizations/delete Microsoft.Sql/servers/externalPolicyBasedAuthorizations/write

Control Plane Operations (446)

Data Plane Operations (0)

No data plane operations granted