Microsoft’s new database migration tool incurs temporary security risks

Enhancements to Azure Database Migration Service: Schema Migration Feature Now Available

Microsoft has recently introduced a significant update to its Azure Database Migration Service (DMS) with the launch of a generally available schema migration feature. This new capability streamlines the process of data migration by automatically incorporating critical database components such as schemas, tables, indexes, views, and other objects. The goal is to minimize manual tasks and bolster consistency across source and target database environments.

Streamlining Database Object Creation

With this integrated approach, database administrators are no longer required to manually construct each database object, including schemas and stored procedures, in the new Azure SQL Database before performing data migrations. This not only saves substantial time but also significantly mitigates the risk of human errors, which are often a challenge during complex migration projects.

Efficient Migration of Schema Objects

The schema migration feature enhances flexibility by allowing users to migrate essential schema objects either alongside chosen tables or all tables within a single action. It is important to note that this feature is designed specifically for migrations aimed at Azure SQL Database, ensuring a tailored approach for this particular environment.

Requirements for Feature Implementation

While the benefits are substantial, there are prerequisites that users must meet to utilize this new functionality. For instance, users are required to have the Self-Hosted Integration Runtime (SHIR) version 5.37.8767.4 or higher installed on their servers. Additionally, the source SQL Server must grant db_owner permissions to facilitate extensive access during migration tasks. Furthermore, the target Azure SQL Database user must belong to four critical server-level roles, including ##MS_DatabaseManager## and ##MS_LoginManager##, which authorize the user to create and delete databases and manage logins.

Permissions Management and Security Considerations

The previously mentioned permissions are vital for the effective operation of the schema migration feature. Users are encouraged to utilize the ##MS_DatabaseManager## server role rather than the dbmanager database-level role to enhance functionality and security. Once the necessary permissions are granted, users gain authority over login management, database creation, and access to all catalog views.

Microsoft has not specified the duration for which high-level permissions must remain active, but it is anticipated that these permissions can be revoked following the migration process. This aspect is crucial for maintaining security and minimizing the potential risks associated with granting expansive permissions.

Image via Depositphotos.com

Source&Images