Azure permissions
Overview
To use DBeaver with Azure, you need to configure certain permissions in Microsoft Entra ID. These permissions are required for specific actions, like logging in, browsing resources, or provisioning users.
Info
Learn more about permissions in the official Entra documentation.
Required permissions
| Action | Permission | Description |
|---|---|---|
| Login | No additional permissions required | Allows users to authenticate in DBeaver. |
| Cloud Explorer | Azure Service Management (user_impersonation) |
Grants access to retrieve a list of available user resources using the https://management.azure.com//.default scope. |
| Database authentication - Azure SQL, MySQL | Azure SQL Database (user_impersonation) |
Enables database authentication (Azure SQL, MySQL) using the https://database.windows.net//.default scope. |
| Database authentication - PostgreSQL, MySQL | Azure OSSRDBMS Database (user_impersonation) |
Enables database authentication (PostgreSQL, MySQL) using the https://ossrdbms-aad.database.windows.net/.default scope. |
| User provisioning | User.ReadBasic.All or User.Read.All |
Allows importing users from Azure AD. |
| Auto-assigned user teams | No additional permissions required, but groups claim must be included in the access or ID token. |
Automatically assigns users to teams based on their Azure AD group memberships. |