0

In our SQL Managed Instance database, we created a user-defined database role and added 20 users to it. Now, during scanning by Microsoft Defender for Cloud, we are getting the following error/warning:

Rule ID Rule Title Severity Rule Description
VA1281 All memberships for user-defined roles should be intended Medium User-defined roles are security principals defined by the user to group principals to easily manage permissions. Monitoring these roles is important to avoid having excessive permissions. Create a baseline that defines expected membership for each user-defined role. This rule checks whether all memberships for user-defined roles are as defined in the baseline.

Can someone please explain the error and what needs to be done to remediate (solve) the issue?

Ref: Vulnerability Assessment rules

Paul White
  • 94,921
  • 30
  • 437
  • 687
nam
  • 515
  • 5
  • 15

1 Answers1

2

It simply indicates that you have a group and that it is important to check group membership. If you note the baseline, that is, the current list of group members, the next time this rule is checked it will turn green unless the list changes.

It is therefore necessary to set the baseline for this rule.

As you review your assessment results, you can mark specific results as being an acceptable baseline in your environment. A baseline is essentially a customization of how the results are reported. In subsequent scans, results that match the baseline are considered as passes. After you've established your baseline security state, vulnerability assessment only reports on deviations from the baseline. In this way, you can focus your attention on the relevant issues.

enter image description here

learn link: https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment?view=azuresql&tabs=azure-powershell#remediate-vulnerabilities

MBuschi
  • 4,835
  • 1
  • 6
  • 17