SQL Server Connection Reference Guide
The SQL Server connection registers data from SQL Server in Immuta. Immuta supports SQL Server deployed through Azure, through Amazon RDS, or self-hosted. See the Register a SQL Server Connection page for a list of supported versions.
What does Immuta do in my environment?
Registering a connection
SQL Server is configured and data is registered through connections, an Immuta feature that allows you to register your data objects through a single connection to make data registration more scalable for your organization. Instead of registering schema and databases individually, you can register them all at once and allow Immuta to monitor your data platform for changes so that data sources are added and removed automatically to reflect the state of data in your data platform.
When the connection is registered, Immuta ingests and stores connection metadata in the Immuta metadata database. In the example below, the Immuta application administrator connects the database that contains marketing-data , research-data , and cs-data tables. Immuta these tables as data sources and stores the table metadata in the Immuta metadata database.
Immuta presents a hierarchical view of your data that reflects the hierarchy of objects in SQL Server after registration is complete:
Host
Database
Schema
Table
Beyond making the registration of your data more intuitive, connections provides more control. Instead of performing operations on individual schemas or tables, you can perform operations (such as object sync) at the connection level.
See the Connections reference guide for details about connections and how to manage them. To configure your SQL Server connection, see the Register a SQL Server connection guide.
SQL Server privileges
The privileges that the SQL Server connection requires align to the least privilege security principle. The table below describes each privilege required by the and the user.
SQL Server on Amazon RDS
masteruser
Setup user
This privilege allows the user registering the connection to create the Immuta database and the Immuta system account so that Immuta can register and manage the connection.
ALTER ANY DATABASE or the VIEW ANY DATABASE server-level permission, or CREATE DATABASE permission in the master database
Immuta system account
This privilege provides access to all the SQL Server system tables necessary to register the connection and maintain state between the SQL Server database and Immuta.
Maintaining state with SQL Server
User actions spur processes in the connection so that Immuta data remains synchronous with the data in SQL Server.
Immuta will create a data source by registering data source metadata and storing that metadata in the Immuta metadata database when an object is found in SQL Server.
Supported object types
While you can author and apply subscription and data policies on SQL Server data sources in Immuta, these policies will not be enforced natively in the SQL Server platform. Any GRANTs or data policies must be manually created in SQL Server.
Table
❌
❌
✅
View
❌
❌
✅
Security and compliance
Authentication methods
The SQL Server connection supports the following authentication methods to register a connection. The credentials provided must be for an account with the permissions listed in the Register a SQL Server connection guide:
Username and password
Azure AD token
Limitations and known issues
The following Immuta features are unsupported:
Automatic subscription and data policy enforcement in SQL Server. Any GRANTs or data policies must be manually created in SQL Server.
Query audit
Data objects deleted in the native platform will not have their corresponding Immuta data objects automatically deleted. Delete the objects manually when necessary.
Integrated Security is not supported
Last updated
Was this helpful?