DBeaver Documentation

DOWNLOAD pdf

Azure Permissions

Table of contents

- - - Overview
    - Required permissions

Overview

To use DBeaver with Azure, certain permissions are required for different actions. Below is a summary of the necessary permissions and their purposes.

Required permissions

Action	Permission	Description
Login	No additional permissions required	Allows users to authenticate in DBeaver.
Cloud Explorer	`Azure Service Management` (user_impersonation)	Grants access to retrieve a list of available user resources using the `https://management.azure.com//.default` scope.
Database authentication	`Azure SQL Database` (user_impersonation)	Enables database authentication (Azure SQL, MySQL, PostgreSQL) using the `https://database.windows.net//.default` scope.
User provisioning	`User.ReadBasic.All` or `User.Read.All`	Allows importing users from Azure AD.
Auto-assigned user teams	No additional permissions required, but `groups` claim must be included in the access or ID token.	Automatically assigns users to teams based on their Azure AD group memberships.