I'm getting a SQL vulnerability error discovered by Microsoft Defender for Cloud. The error points to the following Vulnerability Assessment rule. But when I try to set a baseline (recommended by this rule), I get the following error:

The client 'tom.doe@mydomain.com' with object id 'eXXXXXX-...' does not have authorization to perform action 'Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/rules/baselines/write' over scope '/subscriptions/subscriptionid/resourceGroups/myResourceGroup/providers/Microsoft.Sql/managedInstances/mySQLManagedInstance

Question: What permissions are required to set the baseline here?

| Rule ID | Rule Title | Severity | Rule Description |
|---------|------------|----------|------------------|
| VA1281 | All memberships for user-defined roles should be intended | Medium | User-defined roles are security principals defined by the user to group principals to easily manage permissions. Monitoring these roles is important to avoid having excessive permissions. Create a baseline that defines expected membership for each user-defined role. This rule checks whether all memberships for user-defined roles are as defined in the baseline. |

nam

0 Answers