Home
%3CLINGO-SUB%20id%3D%22lingo-sub-793117%22%20slang%3D%22en-US%22%3EUsing%20Query%20Store%20with%20least%20privileges%20instead%20of%20db_owner%20to%20achieve%20Separation%20of%20Duties%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-793117%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20using%20the%20Query%20Store%20in%20a%20production%20environment%2C%20sometimes%20customers%20need%20to%20delegate%20very%20specifically%20who%20can%20do%20what%20in%20terms%20of%20Performance%20Analysis%20and%2For%20Tuning.%3C%2FP%3E%0A%3CP%3EIn%20this%20article%20we%20will%20demonstrate%2C%20how%20customers%20can%20segregate%20the%20typical%20activities%20around%20the%20Query%20Store%20and%20delegate%20minimal%20sets%20of%20permissions%20to%20groups%20of%20users%20that%20are%20mandated%20to%20certain%20tasks.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20article%20is%20published%20%3CSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-SQL-Database%2FUsing-Query-Store-with-least-privileges-instead-of-db-owner-to%2Fba-p%2F775177%22%20target%3D%22_self%22%3Ehere%20on%20the%20Azure%20SQL%20Blog%3A%26nbsp%3BUsing%20Query%20Store%20with%20least%20privileges%20instead%20of%20db_owner%20to%20achieve%20Separation%20of%20Duties%3C%2FA%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-SQL-Database%2FUsing-Query-Store-with-least-privileges-instead-of-db-owner-to%2Fba-p%2F775177%22%20target%3D%22_self%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20650px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F125066iE06842BC280A9E3F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22QueryStore_ForcePlan_Permission_Error_m.jpg%22%20title%3D%22QueryStore_ForcePlan_Permission_Error_m.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-793117%22%20slang%3D%22en-US%22%3E%3CP%3EHere%20we%20are%20showing%20how%20access%20to%20the%20Query%20Store%20can%20be%20delegated%20without%20granting%20high%20privileges.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-793117%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESQLServerSecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

When using the Query Store in a production environment, sometimes customers need to delegate very specifically who can do what in terms of Performance Analysis and/or Tuning.

In this article we will demonstrate, how customers can segregate the typical activities around the Query Store and delegate minimal sets of permissions to groups of users that are mandated to certain tasks.

 

The article is published here on the Azure SQL Blog: Using Query Store with least privileges instead of db_owner to achieve S...

 

QueryStore_ForcePlan_Permission_Error_m.jpg