使用 CLI 配置 SQL 数据库审核和高级威胁防护Use CLI to configure SQL Database auditing and Advanced Threat Protection

此 Azure CLI 脚本示例配置 SQL 数据库审核和高级威胁防护。This Azure CLI script example configures SQL Database auditing and Advanced Threat Protection.

本主题需要运行 Azure CLI 版本 2.0 或更高版本。This topic requires that you are running the Azure CLI version 2.0 or later. 运行 az --version 即可查找版本。Run az --version to find the version. 如需进行安装或升级,请参阅安装 Azure CLIIf you need to install or upgrade, see Install the Azure CLI.

示例脚本Sample script

登录 AzureSign in to Azure

如果没有 Azure 订阅,可在开始前创建一个试用帐户If you don't have an Azure subscription, create a trial account before you begin.

$subscription = "<subscriptionId>" # add subscription here

az account set -s $subscription # ...or use 'az login'

运行脚本Run the script

#!/bin/bash
location="China East"
randomIdentifier=random123

resource="resource-$randomIdentifier"
server="server-$randomIdentifier"
database="database-$randomIdentifier"
storage="storage$randomIdentifier"

notification="changeto@your.email;changeto@your.email"

login="sampleLogin"
password="samplePassword123!"

echo "Using resource group $resource with login: $login, password: $password..."

echo "Creating $resource..."
az group create --name $resource --location "$location"

echo "Creating $server in $location..."
az sql server create --name $server --resource-group $resource --location "$location" --admin-user $login --admin-password $password

echo "Creating $database on $server..."
az sql db create --name $database --resource-group $resource --server $server --service-objective S0

echo "Creating $storage..."
az storage account create --name $storage --resource-group $resource --location "$location" --sku Standard_LRS

echo "Setting access policy on $storage..."
az sql db audit-policy update --name $database --resource-group $resource --server $server --state Enabled --storage-account $storage

echo "Setting threat detection policy on $storage..."
az sql db threat-policy update --email-account-admins Disabled --email-addresses $notification --name $database --resource-group $resource --server $server --state Enabled --storage-account $storage

清理部署Clean up deployment

使用以下命令删除资源组及其相关的所有资源。Use the following command to remove the resource group and all resources associated with it.

az group delete --name $resource

示例参考Sample reference

此脚本使用以下命令。This script uses the following commands. 表中的每条命令均链接到特定于命令的文档。Each command in the table links to command specific documentation.

az sql db audit-policyaz sql db audit-policy 设置数据库的审核策略。Sets the auditing policy for a database.
az sql db threat-policyaz sql db threat-policy 在数据库上设置高级威胁防护策略。Sets an Advanced Threat Protection policy on a database.

后续步骤Next steps

有关 Azure CLI 的详细信息,请参阅 Azure CLI 文档For more information on the Azure CLI, see Azure CLI documentation.

其他 SQL 数据库 CLI 脚本示例可以在 Azure SQL 数据库文档中找到。Additional SQL Database CLI script samples can be found in the Azure SQL Database documentation.