Which four actions should you perform in sequence to meet the data security requirements?

Posted by: Pdfprep Category: DP-200

DRAG DROP

You deploy an Azure SQL database named DB1 to an Azure SQL server named SQL1.

Currently, only the server admin has access to DB1.

An Azure Active Directory (Azure AD) group named Analysts contains all the users who must have access to DB1.

You have the following data security requirements:

✑ The Analysts group must have read-only access to all the views and tables in the Sales schema of DB1.

✑ A manager will decide who can access DB1. The manager will not interact directly with DB1.

✑ Users must not have to manage a separate password solely to access DB1.

Which four actions should you perform in sequence to meet the data security requirements? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Step 1: From the Azure Portal, set the Active Directory admin for SQL1.

Provision an Azure Active Directory administrator for your Azure SQL Database server. You can provision an Azure Active Directory administrator for your Azure SQL server in the Azure portal and by using PowerShell.

Step 2: On DB1, create a contained user for the Analysts group by using Transact-SQL

Create contained database users in your database mapped to Azure AD identities.

To create an Azure AD-based contained database user (other than the server administrator that owns the database), connect to the database with an Azure AD identity, as a user with at least the ALTER ANY USER permission. Then use the following Transact-SQL syntax:

CREATE USER <Azure_AD_principal_name> FROM EXTERNAL PROVIDER;

Step 3: From Microsoft SQL Server Management Studio (SSMS), sign in to SQL1 by using the account set as the Active Directory admin.

Connect to the user database or data warehouse by using SSMS or SSDT

To confirm the Azure AD administrator is properly set up, connect to the master database using the Azure AD administrator account. To provision an Azure AD-based contained database user (other than the server administrator that owns the database), connect to the database with an Azure AD identity that has access to the database.

Step 4: On DB1, grant the VIEW and SELECT DEFINITION..

References: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure
