Register a SQL Server Connection

Immuta policies will not be automatically enforced in SQL Server

While you can author and apply subscription and data policies on SQL Server data sources within Immuta, these policies will not be enforced natively in the SQL Server platform. You can use Immuta webhooks to be notified about changes to user access and make appropriate access updates in SQL Server using your own process.

Requirements

The requirements depend on your deployment type:

  • Supported Azure SQL Server versions:

    • Azure SQL Database

    • Azure SQL Managed Instance

    • SQL Server on Azure VMs. Immuta supports the following:

      • SQL Server 2025 Preview

      • SQL Server 2022

      • SQL Server 2019

      • SQL Server 2017

      • SQL Server 2016

      • SQL Server 2014

      • SQL Server 2012

  • Supported SQL Server on AWS RDS versions:

    • SQL Server 2022 (16.0.4185.3)

    • SQL Server 2019 (15.0.4430.1)

    • SQL Server 2017 (14.0.3485.1)

    • SQL Server 2016 (13.0.6455.2)

Permissions

The user registering the connection must have the permissions below.

Create the system account user

Create a new system account user for Immuta. Immuta will use the credentials of this system user to connect to SQL Server, ingest the data objects, and continually crawl the registered connection. See instructions below based on your deployment method:

Azure SQL Server
  1. Create a database user in your Azure SQL Server for Microsoft SQL DB instance. Follow the Microsoft Azure documentation for instructions.

  2. Grant this new account any of the privileges listed below to ensure it can access all databases and register them in Immuta:

    • ALTER ANY DATABASE or the VIEW ANY DATABASE server-level permission, or CREATE DATABASE permission in the master database to allow the user to see the system tables

SQL Server on AWS RDS
  1. Create a database user in your Amazon RDS for Microsoft SQL DB instance. Follow the AWS documentation for instructions.

  2. Grant this new account the privileges listed below to ensure it can access all databases and register them in Immuta:

    • ALTER ANY DATABASE or the VIEW ANY DATABASE server-level permission, or CREATE DATABASE permission in the master database to allow the user to see the system tables
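The system account steps above, as an added T-SQL example (not taken from Immuta, Microsoft or AWS documentation). It assumes an instance where the administrator can issue server-level GRANT statements. The login name `immuta_system_account` and the password placeholder are hypothetical. It grants only VIEW ANY DATABASE, the narrowest of the three listed options, then audits what the account actually holds.

```sql
-- Added example. Run as a server administrator.
-- Assumed names: immuta_system_account (login); replace the password placeholder
-- with a generated secret held in your secrets manager.
USE master;
GO

-- Create the login only if it does not already exist.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'immuta_system_account')
    CREATE LOGIN immuta_system_account
        WITH PASSWORD = N'<REPLACE_WITH_GENERATED_SECRET>',
             CHECK_POLICY = ON;
GO

-- VIEW ANY DATABASE exposes database metadata only. ALTER ANY DATABASE would
-- also let the account create, alter and drop databases, so prefer this one.
GRANT VIEW ANY DATABASE TO immuta_system_account;
GO

-- Audit 1: explicit server-level permissions held by the account.
-- Expect CONNECT SQL and VIEW ANY DATABASE; anything else needs a justification.
SELECT pr.name AS principal_name,
       pe.class_desc,
       pe.permission_name,
       pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'immuta_system_account'
ORDER BY pe.permission_name;

-- Audit 2: server role memberships. Expect zero rows; a row such as sysadmin
-- means the account has far more access than registration requires.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals   AS p ON p.principal_id = m.member_principal_id
WHERE p.name = N'immuta_system_account';
```

Re-run the two audit queries after any change to the account, and alert on new rows, since this credential is stored in Immuta and used for continual crawling.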

Register a SQL Server connection

  1. In your SQL Server environment, create an Immuta database that Immuta can use to connect to your SQL Server instance to register the connection and maintain state with SQL Server.

    Having this separate database for Immuta prevents custom ETL processes or jobs from deleting the database you use to register the connection, which would break the connection.

  2. In Immuta, click Data and select Connections in the navigation menu.

  3. Click the + Add Connection button.

  4. Select the SQL Server tile.

  5. Select your deployment method:

    1. Azure SQL Server

    2. RDS

    3. Self-Managed

  6. Enter the host connection information:

    1. Display Name: This is the name of your new connection. This name will be used in the API (connectionKey), in data source names from the host, and on the connections page.

    2. Hostname: URL of your SQL Server instance.

    3. Port: Port configured for SQL Server.

    4. Database: The SQL Server database you created for Immuta. All databases in the host will be registered.

  7. Select an authentication method from the dropdown menu:

    1. Username and Password: Enter the credentials of the SQL Server database user you created above.

    2. Azure AD Access Token: Enter the token and credentials of the SQL Server database user you created above.

  8. Click Save connection.
