Azure Permissions
To use CloudBeaver with Azure, certain permissions are required for different actions. Below is a summary of the necessary permissions and their purposes.
| Action | Permission | Description |
|---|---|---|
| Login | No additional permissions required | Allows users to authenticate in CloudBeaver. |
| Cloud Explorer |
Azure Service Management (user_impersonation) |
Grants access to retrieve a list of available user resources using the https://management.azure.com//.default scope. |
| Database authentication |
Azure SQL Database (user_impersonation) |
Enables database authentication (Azure SQL, MySQL, PostgreSQL) using the https://database.windows.net//.default scope. |
| User provisioning |
User.ReadBasic.All or User.Read.All
|
Allows importing users from Azure AD. |
| Auto-assigned user teams | No additional permissions required, but groups claim must be included in the access or ID token. |
Automatically assigns users to teams based on their Azure AD group memberships. |
- Application overview
- Demo Server
- Administration
- Server configuration
- Create Connection
- Network configuration settings
- Connection Templates Management
- Access Management
-
Authentication methods
-
Local Access Authentication
- Anonymous Access Configuration
- Reverse proxy header authentication
- LDAP
-
Single Sign On
-
SAML
-
OpenID
-
AWS OpenID
-
AWS SAML
-
AWS IAM
-
AWS OpenId via Okta
-
Snowflake SSO
-
Okta OpenId
-
Cognito OpenId
-
JWT authentication
-
Kerberos authentication
-
NTLM
-
Microsoft Entra ID authentication
-
Google authentication
-
Local Access Authentication
- User credentials storage
-
Cloud Explorer
-
Cloud storage
-
Query Manager
-
Drivers Management
- Supported databases
- Accessibility
- Keyboard shortcuts
- Features
- Server configuration
- CloudBeaver and Nginx
-
Domain manager
- Configuring HTTPS for Jetty server
- Command line parameters
- Local Preferences
- API
-
CloudBeaver Community
-
CloudBeaver AWS
-
CloudBeaver Enterprise
-
Deployment options
-
Development