Server and project roles and permissions
SQLServer Flex Server Roles
Section titled “SQLServer Flex Server Roles”| Server Level Role | Permission |
|---|---|
| ##STACKIT_ServerManager## This customer server role combines every other server role and acts as a super-user for the customer DBA. It includes all available permissions and allows creating and managing user databases, logins, sessions, and SQL Server Agent jobs. | ##STACKIT_DatabaseManager## ##STACKIT_LoginManager## ##STACKIT_ProcessManager## ##STACKIT_SQLAgentManger## VIEW ANY ERROR LOG |
| ##STACKIT_DatabaseManager## This server role allows creating and deleting databases, as well as backing up and restoring them. | CREATE ANY DATABASE |
| ##STACKIT_LoginManager## This server role allows creating and deleting customer-owned logins at the instance level. | CREATE LOGIN ALTER ANY LOGIN DENY ALTER on all SIT service accounts DENY CONTROL on all SIT service accounts |
| ##STACKIT_ProcessManager## This server role allows viewing user sessions and terminating processes. | View user sessions/processes in SQLServer Flex Terminate a user session/process in SQLServer Flex Add or revoke users in SQLServer Agent roles in SQLServer Flex |
| ##STACKIT_SQLAgentManger## This server role corresponds to the standard Microsoft SQL Server role “SQLAgentOperatorRole Permissions”. | |
| ##STACKIT_SQLAgentUser## This server role corresponds to the standard Microsoft SQL Server role “SQLAgentUserRole Permissions”. |
SQLServer Flex Project Roles
Section titled “SQLServer Flex Project Roles”| Role | Permissions (examples) |
|---|---|
| sqlserver-flex.admin (SQLServer Flex Admin) Full access to all API endpoints | sqlserver-flex.backup.get, sqlserver-flex.backup.list, sqlserver-flex.backup.trigger, sqlserver-flex.collation.list, sqlserver-flex.compatlevel.list, sqlserver-flex.database.create, sqlserver-flex.database.delete, sqlserver-flex.database.get, sqlserver-flex.database.list, sqlserver-flex.database.update, sqlserver-flex.plan.list, sqlserver-flex.instance.create, sqlserver-flex.instance.delete, sqlserver-flex.instance.get, sqlserver-flex.instance.list, sqlserver-flex.instance.update, sqlserver-flex.metric.list, sqlserver-flex.restore.list, sqlserver-flex.restore.trigger, sqlserver-flex.role.list, sqlserver-flex.storage.list, sqlserver-flex.user.create, sqlserver-flex.user.delete, sqlserver-flex.user.get, sqlserver-flex.user.list, sqlserver-flex.user.reset, sqlserver-flex.version.list |
| sqlserver-flex.editor (SQLServer Flex Editor) Full access to all API endpoints except delete operations | sqlserver-flex.backup.get, sqlserver-flex.backup.list, sqlserver-flex.backup.trigger, sqlserver-flex.collation.list, sqlserver-flex.compatlevel.list, sqlserver-flex.database.create, sqlserver-flex.database.get, sqlserver-flex.database.list, sqlserver-flex.database.update, sqlserver-flex.plan.list, sqlserver-flex.instance.create, sqlserver-flex.instance.get, sqlserver-flex.instance |
| sqlserver-flex.reader (SQLServer Flex Reader) Read-only access to all API endpoints | sqlserver-flex.backup.get, sqlserver-flex.backup.list, sqlserver-flex.collation.list, sqlserver-flex.compatlevel.list, sqlserver-flex.database.get, sqlserver-flex.database.list, sqlserver-flex.plan.list, sqlserver-flex.instance.get, sqlserver-flex.instance.list, sqlserver-flex.metric.list, sqlserver-flex.restore.list, sqlserver-flex.role.list, sqlserver-flex.storage.list, sqlserver-flex.user.get, sqlserver-flex.user.list, sqlserver-flex.version.list |
| sqlserver-flex.user-admin (SQLServer User Admin) Handling user management and all read permissions | sqlserver-flex.backup.get, sqlserver-flex.backup.list, sqlserver-flex.collation.list, sqlserver-flex.compatlevel.list, sqlserver-flex.database.get, sqlserver-flex.database.list, sqlserver-flex.plan.list, sqlserver-flex.instance.get, sqlserver-flex.instance.list, sqlserver-flex.metric.list, sqlserver-flex.restore.list, sqlserver-flex.role.list, sqlserver-flex.storage.list, sqlserver-flex.user.get, sqlserver-flex.user.list, sqlserver-flex.version.list |
SQLServer Flex Project Permission to API Mapping
Section titled “SQLServer Flex Project Permission to API Mapping”| Permission | API Endpoint/s | Description |
|---|---|---|
| sqlserver-flex.backup.get | v2/projects/[projectId]/instances/[instanceId]/backups/[backupId] | Return specific backups |
| sqlserver-flex.backup.list | v2/projects/[projectId]/instances/[instanceId]/backups | Returns all backups of an instance |
| sqlserver-flex.backup.trigger | v2/projects/[projectId]/instances/[instanceId]/backups/databases/[databaseName] | Trigger a backup of a given instance |
| sqlserver-flex.collation.list | v2/projects/[projectId]/instances/[instanceId]/collation | Returns the SQL Server database collations |
| sqlserver-flex.compatlevel.list | v2/projects/[projectId]/instances/[instanceId]/compatibility | Returns compatibility levels for a new database |
| sqlserver-flex.database.create | v2/projects/[projectId]/instances/[instanceId]/databases | Endpoint to create a database |
| sqlserver-flex.database.delete | v2/projects/[projectId]/instances/[instanceId]/databases/[databaseName] | Endpoint to delete a database |
| sqlserver-flex.database.get | v2/projects/[projectId]/instances/[instanceId]/databases/[databaseName] | Returns a specific database |
| sqlserver-flex.database.list | v1/projects/[projectId]/instances/[instanceId]/databases | Returns all databases of an instance |
| sqlserver-flex.plan.list | v2/projects/[projectId]/plans | Returns all plans for a project |
| sqlserver-flex.instance.create | v2/projects/[projectId]/instances | Create a new SQL Server instance |
| sqlserver-flex.instance.delete | v2/projects/[projectId]/instances/[instanceId] | Delete a SQL Server instance |
| sqlserver-flex.instance.get | v2/projects/[projectId]/instances/[instanceId] | Returns a specific SQL Server instance |
| sqlserver-flex.instance.list | v2/projects/[projectId]/instances | Lists all instances |
| sqlserver-flex.instance.update | v2/projects/[projectId]/instances/[instanceId] | Update a SQL Server instance |
| sqlserver-flex.metric.list | v2/projects/[projectId]/instances/[instanceId]/metrics/[metric] | Lists all metrics of a SQL Server instance |
| sqlserver-flex.restore.list | v2/projects/[projectId]/regions/[region]/instances/[instanceId]/ | Lists all current restore jobs |
| sqlserver-flex.restore.trigger | v2/projects/[projectId]/regions/[region]/instances/[instanceId]/backups/databases/[databaseName]/restores | Trigger restore for a specific database |
| sqlserver-flex.role.list | v2/projects/[projectId]/regions/[region]/instances/[instanceId]/roles | Lists possible roles in SQL Server |
| sqlserver-flex.storage.list | v2/projects/[projectId]/regions/[region]/storages/[planId] | Lists the storage classes in the project |
| sqlserver-flex.user.create | v2/projects/[projectId]/regions/[region]/instances/[instanceId]/users | Create a user |
| sqlserver-flex.user.delete | v2/projects/[projectId]/regions/[region]/instances/[instanceId]/users/[userId] | Delete a user |
| sqlserver-flex.user.get | v2/projects/[projectId]/regions/[region]/instances/[instanceId]/users/[userId] | Returns a specific user of an instance |
| sqlserver-flex.user.list | v2/projects/[projectId]/regions/[region]/instances/[instanceId]/users | Lists all users of an instance |
| sqlserver-flex.user.reset | v2/projects/[projectId]/regions/[region]/instances/[instanceId]/users/[userId]/reset | Reset the password of a user |
| sqlserver-flex.version.list | v2/projects/[projectId]/regions/[region]/versions | Returns the versions of available SQL Servers |