To monitor an Azure SQL Server using SQL Diagnostic Manager, you have to create a SQL Server user on the instance with the following minimum permissions:
Minimum permissions Azure SQL
- db_datareader - Grants the user the ability to read all data from all user tables.
- View Definition - Grants the user to see the metadata of the securable where the permission was granted.
- View Database State - Grants the ability to view the conditions of the database through the database-level dynamic management views or functions.
- Select - Grants the ability to use the SELECT command against all applicable objects within the database.
- Execute - Grants the ability to use the EXECUTE command against all applicable objects within the database.
- Connect - Grants the ability to enter the database. When a new user is created, this permission is granted by default.
Recommended Permissions Azure SQL
- Minimum permissions plus Control and db_datawriter.
- Control - Grants permissions on the securable.
- db_datawriter - Grants access to tables and views within a database.
- Control - Grants permissions on the securable.
Recommended permissions are on a database level.