RBAC vs Data permissions

I have always seen people get confused with the different permissions available through RBAC and the permissions to data inside the resource. I am loosely using the term data here as ‘being a dba’ I am generally more concerned about the data but what I actually mean is having permission onto the resource in Azure […]

Storage Account’s SAS token management

An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks. – docs There are two ways to access anything stored in Azure Storage account. 1. Storage Key.2. SAS Token. The drawback of using a Storage key is that this is admin permission onto the whole Storage account, […]

Securing your SQL Server using endpoints

As per MS docs, endpoint is a service that can listen natively for requests. What that means is endpoint is basically the “gateway” to your SQL Server. Any connection coming to SQL Server always comes through an endpoint, if you are connecting to SQL Server using SSMS then that connection is built using endpoint, any […]

Pages and Extents

Pages and Extents are core concept of data storage in SQL Server. A Page is a 8Kb space allocated in physical drive to be used by SQL Server. Managing these 8Kb Pages would have been difficult and so to help in it we have Extent which is a collection 8 Pages. As stated before a […]

Subnet for Managed Instance

Some days back I had to create multiple Managed Instances in different resource groups for a client, by default Azure Portal give the below option for choosing network. I went through all the default options for the Networking and built 3 MIs. MI-dev, MI-test and MI-prd. MI-dev was the first MI that I had created […]

What & How of SQL Server

I always love to geek out in everything I do, If I read or learn something new I always try to learn it’s internals for better understanding of the topic. This has its own pros and cons, pros being if you know the internals of something then you will have better understanding of the topic […]

Log Shipping Internals

Log shipping is the oldest Disaster Recovery feature provided by SQL Server. The best part is that it is very easy to implement. Check here for the steps to be followed. It creates three jobs for: Backup the log at primary, Copy the backup file to secondary and the last one to Restore the backup. […]

Enabling PIM for Azure Resources

Today I had to enable Just-in-time access for a client at subscription level to all the high privileged roles. It was my first time implementing it. This blog is about how you can implement the same for VM users with maximum activatation duration of 2 hours. The steps to implement are as following: Step 1 […]