
Deploy - Configure diagnostic settings for SQL Databases to Log Analytics workspace should exclude the master database

Open Pedroms1 opened this issue 3 years ago • 1 comments

Details of the scenario you tried and the problem that is occurring

This policy is returning a non-compliant status on Synapse master databases. The issue is that it is not possible to enable diagnostic settings on the master database in any scenario.

Verbose logs showing the problem

N/A

Suggested solution to the issue

Exclude the master database on this policy.

Pedroms1 avatar Dec 02 '21 14:12 Pedroms1

I posted here a suggestion for the team. https://github.com/Azure/azure-policy/issues/872

spoelly avatar Dec 08 '21 09:12 spoelly

It is possible to exempt resource types such as SQL Database using exemption resource selectors, or by updating the policy definition.

kenieva avatar Oct 13 '22 19:10 kenieva

@kenieva could this be reopened?

It's indeed possible to create an exemption, but it shouldn't be required. If Azure Policy has flagged master as uncompliant, it is not possible for anyone to correct that - so the flagging is a mistake.

matthetherington avatar Oct 06 '23 17:10 matthetherington

@kenieva This really should be reopened because we don't want to exempt databases, we want to audit databases, just not the ones of kind "v12.0,system", only on "v12.0,user", or we should have the option to apply the settings to databases of kind "v12.0,system".

mbrouwer avatar Nov 22 '23 09:11 mbrouwer
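
The "update the policy definition" route mentioned in the thread, as an added example that is not part of the issue and not the built-in definition's own rule: an `if` block for a custom copy of the policy that skips databases named `master` and databases of kind `v12.0,system`, so they are never evaluated and no exemption is needed. The kind value is the one quoted in the thread; the resource type `Microsoft.Sql/servers/databases` and the choice to match on both `name` and `kind` are assumptions, and the `then` block (the deployIfNotExists effect) is left out and stays unchanged.

```json
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Sql/servers/databases" },
      { "field": "name", "notEquals": "master" },
      { "field": "kind", "notEquals": "v12.0,system" }
    ]
  }
}
```

Because the excluded databases fall outside the rule's scope, they stop appearing in the compliance results at all, while user databases are still audited and remediated.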