Welcome to cloud permissions, where ‘Contributor’ doesn’t mean you can contribute and ‘Reader’ doesn’t mean you can read.
In my last post, I explained the management plane vs data plane split. This post is the promised follow-up for the minimum permission combinations for common DBA tasks, aka what you need, how to verify it, and how to fix it when it fails.
I’m the guy pushing up my no-longer-existent glasses and saying “Well, actually…” to the first sentence, though stylistically, it’s a good one. But getting past the first sentence, there are some nice breakdowns of what it takes to do what you need to do on a cloud-hosted database.
Fair! But ‘Welcome to cloud permissions, where role names describe abstract API scopes rather than user expectations’ didn’t fit. 🙂 Thank you for the repost, Kevin. I need to think on the best revision. Until then…
Contributor does let you contribute — to the management plane (creating, configuring, deleting Azure resources)
Reader does let you read — the management plane metadata
Oh, for sure, the names can be confusing to people who don’t know what they mean because so many of these terms are overloaded. I mean, overloading terms in a Microsoft product? Never!