Share via

Best Practices Assessment for Azure-Arc SQL Server

SujinaSJ-1789 271 Reputation points
2024-06-14T14:27:48.46+00:00

Hi Team, We need to enable Best Practices Assessment (BPA) feature for azure arc enabled SQL servers in 2 subscriptions. What access at what scope is required for enabling this. I have contributor role at subscription level for one and could select the log analytics workspace. Have built-in contributor role (excluding write access on tags) at other subscription but unable to select the log analytics workspace in this subscription. Using this same custom contributor I am able to select the log analytics workspace to enable BPA at another subscription which is really confusing as MS docs says log analytics contributor access is enough. Request some guidance on the RBAC required for each resource enabling BPA for arc enabled sql. TYIA

Azure Arc
Azure Arc

A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.

SQL Server | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amira Bedhiafi 41,386 Reputation points MVP Volunteer Moderator
    2026-04-21T13:02:07.9666667+00:00

    Hello Sujina !

    Thank you for posting on MS Learn Q&A.

    The person in your team enabling BPA needs log analytics contributor on the log analytics workspace scope (RG or subscription), Azure connected machine resource administrator on the Arc enabled machine within SQL Server scope and monitoring contributor on both the log analytics workspace scope and the Arc enabled machine scope. Contributor or owner is sufficient because those built in roles cover the actions you need. https://learn.microsoft.com/en-us/sql/sql-server/azure-arc/assess?view=sql-server-ver17

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.