Skip to content

Prerequisites for Microsoft SQL Server

Before setting up the Microsoft SQL Server Connector, ensure that the following prerequisites are met.

Prerequisites

Prerequisite Details
JDBC URL Obtain the JDBC URL required to connect to your Microsoft SQL Server database. The connector supports SQL Server on-premises, Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics.
  • General format: jdbc:sqlserver://<SERVER_NAME>:<PORT>;database=<DATABASE_NAME>
  • Azure SQL Database format: jdbc:sqlserver://<SERVER_NAME>.database.windows.net:1433;database=<DATABASE_NAME>
  • Azure Synapse Analytics: Set load.audits=load_synapse in the connector configuration.
JDBC Username and Password Create a dedicated SQL Server service account that the Privacera Connector will use to manage access permissions. This account is used to create and manage users, roles, and grant/revoke permissions based on policies defined in Privacera. The service account must have sufficient server-level privileges, including access to the master database, to perform required administrative operations.
Database(s) to Manage Identify the database name(s) that the connector will manage. These are specified using the manage.database.list configuration property. It is recommended to start with a non-production (test) database.
Schema and Table Identification Identify the schemas, tables, and views within the managed database(s) that the connector will manage. You may optionally specify a schema list (supports wildcards) to limit the scope of management. System schemas such as sys, INFORMATION_SCHEMA, privacera_security, and default database roles are automatically excluded from discovery and policy management.
Users and Groups to Manage Determine the users, groups, and roles whose access will be managed in Microsoft SQL Server. The connector supports:
  • SQL Server internal users (SQL authentication)
  • SQL Server external users (Azure AD / Microsoft Entra ID authentication using EXTERNAL PROVIDER)
  • SQL Server database roles
  • Privacera-managed users, groups, and roles
Authentication Method Decide how the connector service account will authenticate:
  • SQL Authentication (default): Uses SQL Server username and password
  • Azure AD (Microsoft Entra ID) Authentication: Supported for Azure SQL Database by configuring the jdbc.authentication property
Default User Password (Optional) Required only if entity management is enabled (CONNECTOR_MSSQL_MANAGE_ENTITIES: "true"). When enabled, the connector can create new SQL Server users and will assign this default password to newly created users. Ensure the password meets SQL Server password complexity requirements. By default, entity management is disabled ("false").