sql.azure.com/v1api20211101

"2021-11-01"

"ActiveDirectory"

"ActiveDirectory"

"Disabled"

"Enabled"

"New"

"Disabled"

"Enabled"

"New"

12

24

12

24

"Disabled"

"Enabled"

"Disabled"

"Enabled"

Type: The identity type

UserAssignedIdentities: The resource ids of the user assigned identities to use

TenantId: The Azure Active Directory tenant id.

Type: The identity type

UserAssignedIdentities: The resource ids of the user assigned identities to use

"None"

"UserAssigned"

"None"

"UserAssigned"

"DATABASE_DEFAULT"

"SQL_Latin1_General_CP1_CI_AS"

"DATABASE_DEFAULT"

"SQL_Latin1_General_CP1_CI_AS"

"Copy"

"Default"

"OnlineSecondary"

"PointInTimeRestore"

"Recovery"

"Restore"

"RestoreExternalBackup"

"RestoreExternalBackupSecondary"

"RestoreLongTermRetentionBackup"

"Secondary"

"Copy"

"Default"

"OnlineSecondary"

"PointInTimeRestore"

"Recovery"

"Restore"

"RestoreExternalBackup"

"RestoreExternalBackupSecondary"

"RestoreLongTermRetentionBackup"

"Secondary"

"Geo"

"GeoZone"

"Local"

"Zone"

"BasePrice"

"LicenseIncluded"

"BasePrice"

"LicenseIncluded"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Geo"

"GeoZone"

"Local"

"Zone"

"Geo"

"GeoZone"

"Local"

"Zone"

"AdventureWorksLT"

"WideWorldImportersFull"

"WideWorldImportersStd"

"AdventureWorksLT"

"WideWorldImportersFull"

"WideWorldImportersStd"

"Geo"

"Named"

"Geo"

"Named"

"AutoClosed"

"Copying"

"Creating"

"Disabled"

"EmergencyMode"

"Inaccessible"

"Offline"

"OfflineChangingDwPerformanceTiers"

"OfflineSecondary"

"Online"

"OnlineChangingDwPerformanceTiers"

"Paused"

"Pausing"

"Recovering"

"RecoveryPending"

"Restoring"

"Resuming"

"Scaling"

"Shutdown"

"Standby"

"Starting"

"Stopped"

"Stopping"

"Suspect"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

ClientId: The Azure Active Directory client id.

PrincipalId: The Azure Active Directory principal id.

MaxCapacity: The maximum capacity any one database can consume.

MinCapacity: The minimum capacity all databases are guaranteed.

MaxCapacity: The maximum capacity any one database can consume.

MinCapacity: The minimum capacity all databases are guaranteed.

"BasePrice"

"LicenseIncluded"

"BasePrice"

"LicenseIncluded"

"Creating"

"Disabled"

"Ready"

"Primary"

"Secondary"

FailoverPolicy: Failover policy of the read-only endpoint for the failover group.

"Disabled"

"Enabled"

"Disabled"

"Enabled"

FailoverPolicy: Failover policy of the read-only endpoint for the failover group.

FailoverPolicy: Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required.

FailoverWithDataLossGracePeriodMinutes: Grace period before failover with data loss is attempted for the read-write endpoint. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required.

"Automatic"

"Manual"

"Automatic"

"Manual"

FailoverPolicy: Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required.

FailoverWithDataLossGracePeriodMinutes: Grace period before failover with data loss is attempted for the read-write endpoint. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required.

Reference: Resource identifier of the partner server.

"Primary"

"Secondary"

Id: Resource identifier of the partner server.

Location: Geo location of the partner server.

ReplicationRole: Replication role of the partner server.

"Approving"

"Dropping"

"Failed"

"Ready"

"Rejecting"

GroupIds: Group IDs.

PrivateEndpoint: Private endpoint which the connection belongs to.

PrivateLinkServiceConnectionState: Connection state of the private endpoint connection.

ProvisioningState: State of the private endpoint connection.

Id: Resource id of the private endpoint.

"None"

ActionsRequired: The actions required for private link service connection.

Description: The private link service connection description.

Status: The private link service connection status.

"Approved"

"Disconnected"

"Pending"

"Rejected"

Type: The identity type. Set this to ‘SystemAssigned’ in order to automatically create and assign an Azure Active Directory principal for the resource.

UserAssignedIdentities: The resource ids of the user assigned identities to use

PrincipalId: The Azure Active Directory principal id.

TenantId: The Azure Active Directory tenant id.

Type: The identity type. Set this to ‘SystemAssigned’ in order to automatically create and assign an Azure Active Directory principal for the resource.

UserAssignedIdentities: The resource ids of the user assigned identities to use

"None"

"SystemAssigned"

"SystemAssigned,UserAssigned"

"UserAssigned"

"None"

"SystemAssigned"

"SystemAssigned,UserAssigned"

"UserAssigned"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Default"

"Proxy"

"Redirect"

"Default"

"Proxy"

"Redirect"

AdministratorType: Type of the sever administrator.

AzureADOnlyAuthentication: Azure Active Directory only Authentication enabled.

Login: Login name of the server administrator.

PrincipalType: Principal Type of the sever administrator.

Sid: SID (object ID) of the server administrator.

TenantId: Tenant ID of the administrator.

"ActiveDirectory"

"ActiveDirectory"

"Application"

"Group"

"User"

"Application"

"Group"

"User"

AdministratorType: Type of the sever administrator.

AzureADOnlyAuthentication: Azure Active Directory only Authentication enabled.

Login: Login name of the server administrator.

PrincipalType: Principal Type of the sever administrator.

Sid: SID (object ID) of the server administrator.

TenantId: Tenant ID of the administrator.

FullyQualifiedDomainName: indicates where the FullyQualifiedDomainName config map should be placed. If omitted, no config map will be created.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

ConfigMaps: configures where to place operator written ConfigMaps.

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Id: Resource ID.

Properties: Private endpoint connection properties

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

"Connected"

"Disconnected"

"Disabled"

"Enabled"

"Disabled"

"Enabled"

AdministratorLogin: Administrator username for the server. Once created it cannot be changed.

Administrators: The Azure Active Directory administrator of the server.

Conditions: The observed state of the resource

FederatedClientId: The Client id used for cross tenant CMK scenario

FullyQualifiedDomainName: The fully qualified domain name of the server.

Id: Resource ID.

Identity: The Azure Active Directory identity of the server.

KeyId: A CMK URI of the key to use for encryption.

Kind: Kind of sql server. This is metadata used for the Azure portal experience.

Location: Resource location.

MinimalTlsVersion: Minimal TLS version. Allowed values: ‘1.0’, ‘1.1’, ‘1.2’

Name: Resource name.

PrimaryUserAssignedIdentityId: The resource id of a user assigned identity to be used by default.

PrivateEndpointConnections: List of private endpoint connections on a server

PublicNetworkAccess: Whether or not public endpoint access is allowed for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’

RestrictOutboundNetworkAccess: Whether or not to restrict outbound network access for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’

State: The state of the server.

Tags: Resource tags.

Type: Resource type.

Version: The version of the server.

WorkspaceFeature: Whether or not existing server has a workspace created and if it allows connection from workspace

AdministratorLogin: Administrator username for the server. Once created it cannot be changed.

AdministratorLoginPassword: The administrator login password (required for server creation).

Administrators: The Azure Active Directory administrator of the server.

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

FederatedClientId: The Client id used for cross tenant CMK scenario

Identity: The Azure Active Directory identity of the server.

KeyId: A CMK URI of the key to use for encryption.

Location: Resource location.

MinimalTlsVersion: Minimal TLS version. Allowed values: ‘1.0’, ‘1.1’, ‘1.2’

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource

PrimaryUserAssignedIdentityReference: The resource id of a user assigned identity to be used by default.

PublicNetworkAccess: Whether or not public endpoint access is allowed for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’

RestrictOutboundNetworkAccess: Whether or not to restrict outbound network access for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’

Tags: Resource tags.

Version: The version of the server.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

AdministratorType: Type of the sever administrator.

AzureADOnlyAuthentication: Azure Active Directory only Authentication enabled.

Conditions: The observed state of the resource

Id: Resource ID.

Login: Login name of the server administrator.

Name: Resource name.

Sid: SID (object ID) of the server administrator.

TenantId: Tenant ID of the administrator.

Type: Resource type.

AdministratorType: Type of the sever administrator.

Login: Login name of the server administrator.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

Sid: SID (object ID) of the server administrator.

SidFromConfig: SID (object ID) of the server administrator.

TenantId: Tenant ID of the administrator.

TenantIdFromConfig: Tenant ID of the administrator.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

CreationTime: Specifies the UTC creation time of the policy.

Id: Resource ID.

Name: Resource name.

State: Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.

SystemData: SystemData of AdvancedThreatProtectionResource.

Type: Resource type.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

State: Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

AuditActionsAndGroups: Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that

Conditions: The observed state of the resource

Id: Resource ID.

IsAzureMonitorTargetEnabled: Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https:/​/​management.azure.com/​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroup}/​providers/​Microsoft.Sql/​servers/​{serverName}/​databases/​{databaseName}/​providers/​microsoft.insights/​diagnosticSettings/​{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell

IsDevopsAuditEnabled: Specifies the state of devops audit. If state is Enabled, devops logs will be sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’, ‘IsAzureMonitorTargetEnabled’ as true and ‘IsDevopsAuditEnabled’ as true When using REST API to configure auditing, Diagnostic Settings with ‘DevOpsOperationsAudit’ diagnostic logs category on the master database should also be created. Diagnostic Settings URI format: PUT https:/​/​management.azure.com/​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroup}/​providers/​Microsoft.Sql/​servers/​{serverName}/​databases/​master/​providers/​microsoft.insights/​diagnosticSettings/​{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell

IsManagedIdentityInUse: Specifies whether Managed Identity is used to access blob storage

IsStorageSecondaryKeyInUse: Specifies whether storageAccountAccessKey value is the storage’s secondary key.

Name: Resource name.

QueueDelayMs: Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.

RetentionDays: Specifies the number of days to keep in the audit logs in the storage account.

State: Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.

StorageAccountSubscriptionId: Specifies the blob storage subscription Id.

StorageEndpoint: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.

Type: Resource type.

AuditActionsAndGroups: Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that

IsAzureMonitorTargetEnabled: Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https:/​/​management.azure.com/​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroup}/​providers/​Microsoft.Sql/​servers/​{serverName}/​databases/​{databaseName}/​providers/​microsoft.insights/​diagnosticSettings/​{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell

IsDevopsAuditEnabled: Specifies the state of devops audit. If state is Enabled, devops logs will be sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’, ‘IsAzureMonitorTargetEnabled’ as true and ‘IsDevopsAuditEnabled’ as true When using REST API to configure auditing, Diagnostic Settings with ‘DevOpsOperationsAudit’ diagnostic logs category on the master database should also be created. Diagnostic Settings URI format: PUT https:/​/​management.azure.com/​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroup}/​providers/​Microsoft.Sql/​servers/​{serverName}/​databases/​master/​providers/​microsoft.insights/​diagnosticSettings/​{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell

IsManagedIdentityInUse: Specifies whether Managed Identity is used to access blob storage

IsStorageSecondaryKeyInUse: Specifies whether storageAccountAccessKey value is the storage’s secondary key.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

QueueDelayMs: Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.

RetentionDays: Specifies the number of days to keep in the audit logs in the storage account.

State: Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.

StorageAccountAccessKey: Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage. Prerequisites for using managed identity authentication: 1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD). 2. Grant SQL Server identity access to the storage account by adding ‘Storage Blob Data Contributor’ RBAC role to the server identity. For more information, see Auditing to storage using Managed Identity authentication

StorageAccountSubscriptionId: Specifies the blob storage subscription Id.

StorageEndpoint: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

AzureADOnlyAuthentication: Azure Active Directory only Authentication enabled.

Conditions: The observed state of the resource

Id: Resource ID.

Name: Resource name.

Type: Resource type.

AzureADOnlyAuthentication: Azure Active Directory only Authentication enabled.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

ConnectionType: The server connection type.

Id: Resource ID.

Kind: Metadata used for the Azure portal experience.

Location: Resource location.

Name: Resource name.

Type: Resource type.

ConnectionType: The server connection type.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

AutoPauseDelay: Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled

CatalogCollation: Collation of the metadata catalog.

Collation: The collation of the database.

Conditions: The observed state of the resource

CreateMode: Specifies the mode of database creation. Default: regular database creation. Copy: creates a database as a copy of an existing database. sourceDatabaseId must be specified as the resource ID of the source database. Secondary: creates a database as a secondary replica of an existing database. sourceDatabaseId must be specified as the resource ID of the existing primary database. PointInTimeRestore: Creates a database by restoring a point in time backup of an existing database. sourceDatabaseId must be specified as the resource ID of the existing database, and restorePointInTime must be specified. Recovery: Creates a database by restoring a geo-replicated backup. sourceDatabaseId must be specified as the recoverable database resource ID to restore. Restore: Creates a database by restoring a backup of a deleted database. sourceDatabaseId must be specified. If sourceDatabaseId is the database’s original resource ID, then sourceDatabaseDeletionDate must be specified. Otherwise sourceDatabaseId must be the restorable dropped database resource ID and sourceDatabaseDeletionDate is ignored. restorePointInTime may also be specified to restore from an earlier point in time. RestoreLongTermRetentionBackup: Creates a database by restoring from a long term retention vault. recoveryServicesRecoveryPointResourceId must be specified as the recovery point resource ID. Copy, Secondary, and RestoreLongTermRetentionBackup are not supported for DataWarehouse edition.

CreationDate: The creation date of the database (ISO8601 format).

CurrentBackupStorageRedundancy: The storage account type used to store backups for this database.

CurrentServiceObjectiveName: The current service level objective name of the database.

CurrentSku: The name and tier of the SKU.

DatabaseId: The ID of the database.

DefaultSecondaryLocation: The default secondary region for this database.

EarliestRestoreDate: This records the earliest start date and time that restore is available for this database (ISO8601 format).

ElasticPoolId: The resource identifier of the elastic pool containing this database.

FailoverGroupId: Failover Group resource identifier that this database belongs to.

FederatedClientId: The Client id used for cross tenant per database CMK scenario

HighAvailabilityReplicaCount: The number of secondary replicas associated with the database that are used to provide high availability. Not applicable to a Hyperscale database within an elastic pool.

Id: Resource ID.

Identity: The Azure Active Directory identity of the database.

IsInfraEncryptionEnabled: Infra encryption is enabled for this database.

IsLedgerOn: Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created.

Kind: Kind of database. This is metadata used for the Azure portal experience.

LicenseType: The license type to apply for this database. LicenseIncluded if you need a license, or BasePrice if you have a license and are eligible for the Azure Hybrid Benefit.

Location: Resource location.

LongTermRetentionBackupResourceId: The resource identifier of the long term retention backup associated with create operation of this database.

MaintenanceConfigurationId: Maintenance configuration id assigned to the database. This configuration defines the period when the maintenance updates will occur.

ManagedBy: Resource that manages the database.

MaxLogSizeBytes: The max log size for this database.

MaxSizeBytes: The max size of the database expressed in bytes.

MinCapacity: Minimal capacity that database will always have allocated, if not paused

Name: Resource name.

PausedDate: The date when database was paused by user configuration or action(ISO8601 format). Null if the database is ready.

ReadScale: The state of read-only routing. If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica in the same region. Not applicable to a Hyperscale database within an elastic pool.

RecoverableDatabaseId: The resource identifier of the recoverable database associated with create operation of this database.

RecoveryServicesRecoveryPointId: The resource identifier of the recovery point associated with create operation of this database.

RequestedBackupStorageRedundancy: The storage account type to be used to store backups for this database.

RequestedServiceObjectiveName: The requested service level objective name of the database.

RestorableDroppedDatabaseId: The resource identifier of the restorable dropped database associated with create operation of this database.

RestorePointInTime: Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database.

ResumedDate: The date when database was resumed by user action or database login (ISO8601 format). Null if the database is paused.

SampleName: The name of the sample schema to apply when creating this database.

SecondaryType: The secondary type of the database if it is a secondary. Valid values are Geo and Named.

Sku: The database SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the Capabilities_ListByLocation REST API or one of the following commands: “`azurecli az sql db list-editions -l -o table

```powershell
Get-AzSqlServerServiceObjective -Location <location>

SourceDatabaseDeletionDate: Specifies the time that the database was deleted.

SourceDatabaseId: The resource identifier of the source database associated with create operation of this database.

SourceResourceId: The resource identifier of the source associated with the create operation of this database. This property is only supported for DataWarehouse edition and allows to restore across subscriptions. When sourceResourceId is specified, sourceDatabaseId, recoverableDatabaseId, restorableDroppedDatabaseId and sourceDatabaseDeletionDate must not be specified and CreateMode must be PointInTimeRestore, Restore or Recover. When createMode is PointInTimeRestore, sourceResourceId must be the resource ID of the existing database or existing sql pool, and restorePointInTime must be specified. When createMode is Restore, sourceResourceId must be the resource ID of restorable dropped database or restorable dropped sql pool. When createMode is Recover, sourceResourceId must be the resource ID of recoverable database or recoverable sql pool. When source subscription belongs to a different tenant than target subscription, “x-ms-authorization-auxiliary” header must contain authentication token for the source tenant. For more details about “x-ms-authorization-auxiliary” header see https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/authenticate-multi-tenant

Status: The status of the database.

Tags: Resource tags.

Type: Resource type.

ZoneRedundant: Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones.

AutoPauseDelay: Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

CatalogCollation: Collation of the metadata catalog.

Collation: The collation of the database.

CreateMode: Specifies the mode of database creation. Default: regular database creation. Copy: creates a database as a copy of an existing database. sourceDatabaseId must be specified as the resource ID of the source database. Secondary: creates a database as a secondary replica of an existing database. sourceDatabaseId must be specified as the resource ID of the existing primary database. PointInTimeRestore: Creates a database by restoring a point in time backup of an existing database. sourceDatabaseId must be specified as the resource ID of the existing database, and restorePointInTime must be specified. Recovery: Creates a database by restoring a geo-replicated backup. sourceDatabaseId must be specified as the recoverable database resource ID to restore. Restore: Creates a database by restoring a backup of a deleted database. sourceDatabaseId must be specified. If sourceDatabaseId is the database’s original resource ID, then sourceDatabaseDeletionDate must be specified. Otherwise sourceDatabaseId must be the restorable dropped database resource ID and sourceDatabaseDeletionDate is ignored. restorePointInTime may also be specified to restore from an earlier point in time. RestoreLongTermRetentionBackup: Creates a database by restoring from a long term retention vault. recoveryServicesRecoveryPointResourceId must be specified as the recovery point resource ID. Copy, Secondary, and RestoreLongTermRetentionBackup are not supported for DataWarehouse edition.

ElasticPoolReference: The resource identifier of the elastic pool containing this database.

FederatedClientId: The Client id used for cross tenant per database CMK scenario

HighAvailabilityReplicaCount: The number of secondary replicas associated with the database that are used to provide high availability. Not applicable to a Hyperscale database within an elastic pool.

Identity: The Azure Active Directory identity of the database.

IsLedgerOn: Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created.

LicenseType: The license type to apply for this database. LicenseIncluded if you need a license, or BasePrice if you have a license and are eligible for the Azure Hybrid Benefit.

Location: Resource location.

LongTermRetentionBackupResourceReference: The resource identifier of the long term retention backup associated with create operation of this database.

MaintenanceConfigurationId: Maintenance configuration id assigned to the database. This configuration defines the period when the maintenance updates will occur.

MaxSizeBytes: The max size of the database expressed in bytes.

MinCapacity: Minimal capacity that database will always have allocated, if not paused

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

ReadScale: The state of read-only routing. If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica in the same region. Not applicable to a Hyperscale database within an elastic pool.

RecoverableDatabaseReference: The resource identifier of the recoverable database associated with create operation of this database.

RecoveryServicesRecoveryPointReference: The resource identifier of the recovery point associated with create operation of this database.

RequestedBackupStorageRedundancy: The storage account type to be used to store backups for this database.

RestorableDroppedDatabaseReference: The resource identifier of the restorable dropped database associated with create operation of this database.

RestorePointInTime: Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database.

SampleName: The name of the sample schema to apply when creating this database.

SecondaryType: The secondary type of the database if it is a secondary. Valid values are Geo and Named.

Sku: The database SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the Capabilities_ListByLocation REST API or one of the following commands: “`azurecli az sql db list-editions -l -o table

```powershell
Get-AzSqlServerServiceObjective -Location <location>

SourceDatabaseDeletionDate: Specifies the time that the database was deleted.

SourceDatabaseReference: The resource identifier of the source database associated with create operation of this database.

SourceResourceReference: The resource identifier of the source associated with the create operation of this database. This property is only supported for DataWarehouse edition and allows to restore across subscriptions. When sourceResourceId is specified, sourceDatabaseId, recoverableDatabaseId, restorableDroppedDatabaseId and sourceDatabaseDeletionDate must not be specified and CreateMode must be PointInTimeRestore, Restore or Recover. When createMode is PointInTimeRestore, sourceResourceId must be the resource ID of the existing database or existing sql pool, and restorePointInTime must be specified. When createMode is Restore, sourceResourceId must be the resource ID of restorable dropped database or restorable dropped sql pool. When createMode is Recover, sourceResourceId must be the resource ID of recoverable database or recoverable sql pool. When source subscription belongs to a different tenant than target subscription, “x-ms-authorization-auxiliary” header must contain authentication token for the source tenant. For more details about “x-ms-authorization-auxiliary” header see https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/authenticate-multi-tenant

Tags: Resource tags.

ZoneRedundant: Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

CreationTime: Specifies the UTC creation time of the policy.

Id: Resource ID.

Name: Resource name.

State: Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.

SystemData: SystemData of AdvancedThreatProtectionResource.

Type: Resource type.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource

State: Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

AuditActionsAndGroups: Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that

Conditions: The observed state of the resource

Id: Resource ID.

IsAzureMonitorTargetEnabled: Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https:/​/​management.azure.com/​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroup}/​providers/​Microsoft.Sql/​servers/​{serverName}/​databases/​{databaseName}/​providers/​microsoft.insights/​diagnosticSettings/​{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell

IsManagedIdentityInUse: Specifies whether Managed Identity is used to access blob storage

IsStorageSecondaryKeyInUse: Specifies whether storageAccountAccessKey value is the storage’s secondary key.

Kind: Resource kind.

Name: Resource name.

QueueDelayMs: Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.

RetentionDays: Specifies the number of days to keep in the audit logs in the storage account.

State: Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.

StorageAccountSubscriptionId: Specifies the blob storage subscription Id.

StorageEndpoint: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.

Type: Resource type.

AuditActionsAndGroups: Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that

IsAzureMonitorTargetEnabled: Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https:/​/​management.azure.com/​subscriptions/​{subscriptionId}/​resourceGroups/​{resourceGroup}/​providers/​Microsoft.Sql/​servers/​{serverName}/​databases/​{databaseName}/​providers/​microsoft.insights/​diagnosticSettings/​{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell

IsManagedIdentityInUse: Specifies whether Managed Identity is used to access blob storage

IsStorageSecondaryKeyInUse: Specifies whether storageAccountAccessKey value is the storage’s secondary key.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource

QueueDelayMs: Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.

RetentionDays: Specifies the number of days to keep in the audit logs in the storage account.

State: Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.

StorageAccountAccessKey: Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage. Prerequisites for using managed identity authentication: 1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD). 2. Grant SQL Server identity access to the storage account by adding ‘Storage Blob Data Contributor’ RBAC role to the server identity. For more information, see Auditing to storage using Managed Identity authentication

StorageAccountSubscriptionId: Specifies the blob storage subscription Id.

StorageEndpoint: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

Id: Resource ID.

MonthlyRetention: The monthly retention policy for an LTR backup in an ISO 8601 format.

Name: Resource name.

Type: Resource type.

WeekOfYear: The week of year to take the yearly backup in an ISO 8601 format.

WeeklyRetention: The weekly retention policy for an LTR backup in an ISO 8601 format.

YearlyRetention: The yearly retention policy for an LTR backup in an ISO 8601 format.

MonthlyRetention: The monthly retention policy for an LTR backup in an ISO 8601 format.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource

WeekOfYear: The week of year to take the yearly backup in an ISO 8601 format.

WeeklyRetention: The weekly retention policy for an LTR backup in an ISO 8601 format.

YearlyRetention: The yearly retention policy for an LTR backup in an ISO 8601 format.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

DiffBackupIntervalInHours: The differential backup interval in hours. This is how many interval hours between each differential backup will be supported. This is only applicable to live databases but not dropped databases.

Id: Resource ID.

Name: Resource name.

RetentionDays: The backup retention period in days. This is how many days Point-in-Time Restore will be supported.

Type: Resource type.

DiffBackupIntervalInHours: The differential backup interval in hours. This is how many interval hours between each differential backup will be supported. This is only applicable to live databases but not dropped databases.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource

RetentionDays: The backup retention period in days. This is how many days Point-in-Time Restore will be supported.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

CreationTime: Specifies the UTC creation time of the policy.

DisabledAlerts: Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force

EmailAccountAdmins: Specifies that the alert is sent to the account administrators.

EmailAddresses: Specifies an array of e-mail addresses to which the alert is sent.

Id: Resource ID.

Name: Resource name.

RetentionDays: Specifies the number of days to keep in the Threat Detection audit logs.

State: Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.

StorageEndpoint: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

SystemData: SystemData of SecurityAlertPolicyResource.

Type: Resource type.

DisabledAlerts: Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force

EmailAccountAdmins: Specifies that the alert is sent to the account administrators.

EmailAddresses: Specifies an array of e-mail addresses to which the alert is sent.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource

RetentionDays: Specifies the number of days to keep in the Threat Detection audit logs.

State: Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.

StorageAccountAccessKey: Specifies the identifier key of the Threat Detection audit storage account.

StorageEndpoint: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

Id: Resource ID.

Name: Resource name.

State: Specifies the state of the transparent data encryption.

Type: Resource type.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource

State: Specifies the state of the transparent data encryption.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

Id: Resource ID.

Name: Resource name.

RecurringScans: The recurring scans settings

StorageContainerPath: A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn’t set

Type: Resource type.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource

RecurringScans: The recurring scans settings

StorageAccountAccessKey: Specifies the identifier key of the storage account for vulnerability assessment scan results. If ‘StorageContainerSasKey’ isn’t specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall

StorageContainerPath: A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn’t set

StorageContainerPathFromConfig: A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn’t set

StorageContainerSasKey: A shared access signature (SAS Key) that has write access to the blob container specified in ‘storageContainerPath’ parameter. If ‘storageAccountAccessKey’ isn’t specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

CreationDate: The creation date of the elastic pool (ISO8601 format).

HighAvailabilityReplicaCount: The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools.

Id: Resource ID.

Kind: Kind of elastic pool. This is metadata used for the Azure portal experience.

LicenseType: The license type to apply for this elastic pool.

Location: Resource location.

MaintenanceConfigurationId: Maintenance configuration id assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur.

MaxSizeBytes: The storage limit for the database elastic pool in bytes.

MinCapacity: Minimal capacity that serverless pool will not shrink below, if not paused

Name: Resource name.

PerDatabaseSettings: The per database settings for the elastic pool.

Sku: The elastic pool SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the Capabilities_ListByLocation REST API or the following command: azurecli az sql elastic-pool list-editions -l <location> -o table `

State: The state of the elastic pool.

Tags: Resource tags.

Type: Resource type.

ZoneRedundant: Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones.

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

HighAvailabilityReplicaCount: The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools.

LicenseType: The license type to apply for this elastic pool.

Location: Resource location.

MaintenanceConfigurationId: Maintenance configuration id assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur.

MaxSizeBytes: The storage limit for the database elastic pool in bytes.

MinCapacity: Minimal capacity that serverless pool will not shrink below, if not paused

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

PerDatabaseSettings: The per database settings for the elastic pool.

Sku: The elastic pool SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the Capabilities_ListByLocation REST API or the following command: azurecli az sql elastic-pool list-editions -l <location> -o table `

Tags: Resource tags.

ZoneRedundant: Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

Databases: List of databases in the failover group.

Id: Resource ID.

Location: Resource location.

Name: Resource name.

PartnerServers: List of partner server information for the failover group.

ReadOnlyEndpoint: Read-only endpoint of the failover group instance.

ReadWriteEndpoint: Read-write endpoint of the failover group instance.

ReplicationRole: Local replication role of the failover group instance.

ReplicationState: Replication state of the failover group instance.

Tags: Resource tags.

Type: Resource type.

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

DatabasesReferences: List of databases in the failover group.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

PartnerServers: List of partner server information for the failover group.

ReadOnlyEndpoint: Read-only endpoint of the failover group instance.

ReadWriteEndpoint: Read-write endpoint of the failover group instance.

Tags: Resource tags.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

EndIpAddress: The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.

Id: Resource ID.

Name: Resource name.

StartIpAddress: The start IP address of the firewall rule. Must be IPv4 format. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.

Type: Resource type.

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

EndIpAddress: The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

StartIpAddress: The start IP address of the firewall rule. Must be IPv4 format. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

EndIPv6Address: The end IP address of the firewall rule. Must be IPv6 format. Must be greater than or equal to startIpAddress.

Id: Resource ID.

Name: Resource name.

StartIPv6Address: The start IP address of the firewall rule. Must be IPv6 format.

Type: Resource type.

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

EndIPv6Address: The end IP address of the firewall rule. Must be IPv6 format. Must be greater than or equal to startIpAddress.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

StartIPv6Address: The start IP address of the firewall rule. Must be IPv6 format.

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

Id: Resource ID.

Name: Resource name.

ProvisioningState: The state of the outbound rule.

Type: Resource type.

AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).

SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).

Conditions: The observed state of the resource

CreationTime: Specifies the UTC creation time of the policy.

DisabledAlerts: Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force

EmailAccountAdmins: Specifies that the alert is sent to the account administrators.

EmailAddresses: Specifies an array of e-mail addresses to which the alert is sent.

Id: Resource ID.

Name: Resource name.

RetentionDays: Specifies the number of days to keep in the Threat Detection audit logs.

State: Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.

StorageEndpoint: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

SystemData: SystemData of SecurityAlertPolicyResource.

Type: Resource type.

DisabledAlerts: Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force

EmailAccountAdmins: Specifies that the alert is sent to the account administrators.

EmailAddresses: Specifies an array of e-mail addresses to which the alert is sent.

OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure

Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource

RetentionDays: Specifies the number of days to keep in the Threat Detection audit logs.

State: Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.

StorageAccountAccessKey: Specifies the identifier key of the Threat Detection audit storage account.

StorageEndpoint: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.