# Register a SQL Server Connection
{% hint style="info" %}
**Immuta policies will not be automatically enforced in SQL Server**
While you can author and apply subscription and data policies on SQL Server data sources within Immuta, these policies will not be enforced natively in the SQL Server platform. You can use [Immuta webhooks](https://documentation.immuta.com/saas/developer-guides/api-intro/immuta-v1-api/configure-your-instance-of-immuta/webhooks#webhook-overview) to be notified about changes to user access and make appropriate access updates in SQL Server using your own process.
To use this integration, contact your Immuta representative.
{% endhint %}
## Requirements
The requirements depend on your deployment type:
* Supported Azure SQL Server versions:
* Azure SQL Database
* Azure SQL Managed Instance
* SQL Server on Azure VMs. Immuta supports the following:
* SQL Server 2025 Preview
* SQL Server 2022
* SQL Server 2019
* SQL Server 2017
* SQL Server 2016
* SQL Server 2014
* SQL Server 2012
* Supported SQL Server on Amazon RDS versions:
* SQL Server 2022 (16.0.4185.3)
* SQL Server 2019 (15.0.4430.1)
* SQL Server 2017 (14.0.3485.1)
* SQL Server 2016 (13.0.6455.2)
## Permissions
The user registering the connection must have the permissions below.
* `APPLICATION_ADMIN` Immuta permission
* The user registering the connection must have the following system privileges depending on your deployment type:
* Azure SQL Server
* [`CREATE DATABASE` permission](https://learn.microsoft.com/en-us/azure/azure-sql/database/single-database-manage?view=azuresql#prerequisites)
* [`ALTER ANY USER` permission on the database](https://learn.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql?view=sql-server-ver17#permissions)
* SQL Server on AWS RDS
* master user
## Create the system account user
Create a new system account user for Immuta. Immuta will use the credentials of this system user to connect to SQL Server, ingest the data objects, and continually crawl the registered connection. See instructions below based on your deployment method:
Azure SQL Server
1. Create a database user in your Azure SQL Server for Microsoft SQL DB instance. [Follow the Microsoft Azure documentation for instructions](https://learn.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql?view=sql-server-ver17).
2. Grant this new account any of the privileges listed below to ensure it can access all databases and register them in Immuta:
* `ALTER ANY DATABASE` or the `VIEW ANY DATABASE` server-level permission, or `CREATE DATABASE` permission in the `master` database to allow the user to [see the system tables](https://learn.microsoft.com/en-us/sql/relational-databases/system-catalog-views/sys-databases-transact-sql?view=sql-server-ver17#permissions)
SQL Server on Amazon RDS
1. Create a database user in your Amazon RDS for Microsoft SQL DB instance. [Follow the AWS documentation for instructions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.SQLServer.CommonDBATasks.CreateUser.html).
2. Grant this new account the privileges listed below to ensure it can access all databases and register them in Immuta:
* `ALTER ANY DATABASE` or the `VIEW ANY DATABASE` server-level permission, or `CREATE DATABASE` permission in the `master` database to allow the user to [see the system tables](https://learn.microsoft.com/en-us/sql/relational-databases/system-catalog-views/sys-databases-transact-sql?view=sql-server-ver17#permissions)
## Register a SQL Server connection
1. In your SQL Server environment, create an **Immuta database** that Immuta can use to connect to your SQL Server instance to register the connection and maintain state with SQL Server.
Having this separate database for Immuta prevents custom ETL processes or jobs deleting the database you use to register the connection, which would break the connection.
2. In Immuta, click :database: **Data** and select **Connections** in the navigation menu.
3. Click the **+ Add Connection** button.
4. Select the **SQL Server** tile.
5. Select your deployment method:
1. **Azure SQL Server**
2. **RDS**
3. **Self-Managed**
6. Enter the host connection information:
1. **Display Name:** This is the name of your new connection. This name will be used in the API (`connectionKey`), in data source names from the host, and on the connections page. Avoid the use of periods (`.`) or [restricted words](#user-content-fn-1)[^1] in your connection name.
2. **Hostname**: URL of your SQL Server instance.
3. **Port**: Port configured for SQL Server.
4. **Database**: The SQL Server database you created for Immuta. All databases in the host will be registered.
7. Select an authentication method from the dropdown menu:
1. **Username and Password**: Enter the credentials of the [SQL Server database user you created above](#create-the-database-user).
2. **Azure AD Access Token**: Enter the [token](https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens) and credentials of the [SQL Server database user your created above](#create-the-system-account-user).
8. Click **Save connection**.
[^1]: Your display name cannot be any of the following words: `data`, `connection`, `object`, `crawl`, `search`, `settings`, `metadata`, `permission`, `sync`, `bulk`, and `upgrade`.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://documentation.immuta.com/saas/configuration/integrations/sql-server/register-a-sql-server-connection.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.