Skip to content

Azure permissions

Overview

To use DBeaver with Azure, you need to configure certain permissions in Microsoft Entra ID. These permissions are required for specific actions, like logging in, browsing resources, or provisioning users.

Info

Learn more about permissions in the official Entra documentation.

Required permissions

Action Permission Description
Login No additional permissions required Allows users to authenticate in DBeaver.
Cloud Explorer Azure Service Management (user_impersonation) Grants access to retrieve a list of available user resources using the https://management.azure.com//.default scope.
Database authentication - Azure SQL, MySQL Azure SQL Database (user_impersonation) Enables database authentication (Azure SQL, MySQL) using the https://database.windows.net//.default scope.
Database authentication - PostgreSQL, MySQL Azure OSSRDBMS Database (user_impersonation) Enables database authentication (PostgreSQL, MySQL) using the https://ossrdbms-aad.database.windows.net/.default scope.
User provisioning User.ReadBasic.All or User.Read.All Allows importing users from Azure AD.
Auto-assigned user teams No additional permissions required, but groups claim must be included in the access or ID token. Automatically assigns users to teams based on their Azure AD group memberships.