2022 Archive

An archive of changes made to the Data Bridge API in 2022.

Data Bridge, December 2022

The December 2022 release of the Data Bridge API introduces new operations for managing databases on managed SQL Server instances.

Databases

The Rename database operation enables you to rename a database hosted on a managed SQL Server instance. The serverName and databaseName path parameters identify the database to be renamed. The name body parameter specifies the new name of the database. The name must be unique. Valid characters: 0-9, A-Z, a-z, _ (underscore), - (hyphen), : (colon), and ' ' (space). Maximum length is 80 characters.

The Shrink database operation enables you to shrink the size of the data and log files. The serverName and databaseName path parameters identify the database to be shrunk. The request body accepts an optional truncateLogsOnly body parameter. If true, only the logs are truncated. By default, false.

SQL Server Instances

The Get jobs by server instance operation returns summary information about jobs run on a specific SQL Server instance.

The Get job by server instance operation returns detailed information about a specific job on a specific SQL Server instance.

Data Bridge, August 2022

The August 2022 release of the Data Bridge API introduces group-level access controls for server instances and services that enable Data Bridge cluster security administration.

Cluster API

All connections between clients and managed SQL Server instances are encrypted automatically using Transport Layer Security (TLS). Data Bridge now enables organizations to configure the minimum version of TLS supported by the organization's managed SQL Server instances.

The Get server security service (GET /databridge/v1/Cluster/server-security) returns cluster-level security information including the minTlsVersion and allConnectedEncrypted attributes. The minTlsVersion attribute identifies the minimum version of TLS supported by the Data Bridge cluster. Clients connecting to managed SQL Server instances must support the minimum version to connect to the Data Bridge cluster. The allConnectedEncrypted attribute returns a Boolean value that indicates whether connections to the Data Bridge cluster are encrypted. By default, true.

The Set TLS protocol service (PUT /databridge/v1/Cluster/server-security) sets the minimum TLS protocol version on the cluster. The minTlsVersion attribute is specified in the request body. Data Bridge uses Transport Layer Security (TLS) to manage connections between clients and managed SQL Server instances. By default, Data Bridge is configured to support TLS 1.2 or newer. If you need to allow a lower level of encryption to support legacy applications, Data Bridge supports setting the minimum supported TLS version as 1.0, 1.1 or 1.2. RMS recommends the default setting of TLS 1.2.
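A posture check over the Get server security response, as an added example that is not part of the Data Bridge documentation. It assumes minTlsVersion is returned and accepted as the strings "1.0", "1.1" or "1.2" and that the PUT body carries only that attribute; the sample responses are constructed.

```python
# Assumption: the API represents versions as the strings "1.0", "1.1", "1.2".
KNOWN_VERSIONS = {"1.0": (1, 0), "1.1": (1, 1), "1.2": (1, 2)}
RECOMMENDED_MIN = "1.2"  # the documented default and recommended setting
ENDPOINT = "/databridge/v1/Cluster/server-security"


def _parse(raw):
    """Map a minTlsVersion value to a comparable tuple, or None if unknown."""
    return None if raw is None else KNOWN_VERSIONS.get(str(raw).strip())


def audit_server_security(resp):
    """Return a list of findings for one Get server security response."""
    findings = []
    raw = resp.get("minTlsVersion")
    version = _parse(raw)
    if version is None:
        # Fail closed: a missing or unparseable value is itself a finding.
        findings.append(f"minTlsVersion missing or unrecognized: {raw!r}")
    elif version < KNOWN_VERSIONS[RECOMMENDED_MIN]:
        findings.append(f"minTlsVersion {raw} allows protocols older than TLS {RECOMMENDED_MIN}")
    if resp.get("allConnectedEncrypted") is not True:
        findings.append("allConnectedEncrypted is not true")
    return findings


def remediation(resp):
    """Return (method, path, body) restoring the default minimum, or None."""
    if _parse(resp.get("minTlsVersion")) == KNOWN_VERSIONS[RECOMMENDED_MIN]:
        return None
    return ("PUT", ENDPOINT, {"minTlsVersion": RECOMMENDED_MIN})


# Constructed sample responses, not captured from a real cluster.
SAMPLES = [
    {"minTlsVersion": "1.2", "allConnectedEncrypted": True},
    {"minTlsVersion": "1.0", "allConnectedEncrypted": True},
    {"allConnectedEncrypted": False},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, audit_server_security(sample), remediation(sample))
```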

SQL Instance API

Organizations may now control access to managed SQL Servers on a group-by-group basis:

The Get groups by server instance service (GET /databridge/v1/sql-instances/{instanceName}/groups) returns a list of the groups granted access to the specified managed server instance.

The Manage groups by server instance service (PATCH /databridge/v1/sql-instances/{instanceName}/groups) grants or revokes group access to the specified managed server instance.

The server instance is identified in the endpoint path. The request body defines the groupOperations array that may be used to grant or revoke access for one or more groups:

{
  "groupOperations": [
    {
      "groupAction": 1,
      "groupId": "group1ID"
    },
    {
      "groupAction": 0,
      "groupId": "group2ID"
    }
  ]
}

Each operation object defines a groupAction and a groupId.

  • The groupAction parameter specifies the operation type. One of 0 or 1. If 0, the request revokes the access previously granted to the server instance. If 1, the request grants access to the server instance to the specified group and its members.
  • The groupId parameter identifies the group that will be granted access to the server instance or have its access revoked.

Database API

The Get groups by database service (GET /databridge/v1/sql-instances/{instanceName}/Databases/{databaseName}/groups) returns a list of the groups granted access to the specified managed database.

The Manage groups by database service (PATCH /databridge/v1/sql-instances/{instanceName}/Databases/{databaseName}/groups) grants or revokes group access to the specified database.

The server instance and database are identified in the endpoint path. The request body defines the groupOperations array that may be used to grant or revoke access for one or more groups:

{
  "groupOperations": [
    {
      "groupAction": 0,
      "groupId": "string"
    }
  ]
}

Each operation object defines a groupAction and a groupId.

  • The groupAction parameter specifies the operation type. One of 0 or 1. If 0, the request revokes the access previously granted to the server instance. If 1, the request grants access to the server instance to the specified group and its members.
  • The groupId parameter identifies the group that will be granted access to the server instance or have its access revoked.
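One way to keep group access on an allow-list for both the Manage groups by server instance and Manage groups by database services, as an added example that is not part of the Data Bridge documentation. It assumes the caller has already extracted the current group IDs from the matching Get groups response (its shape is not documented here); instance, database and group names are constructed placeholders.

```python
from urllib.parse import quote

GRANT, REVOKE = 1, 0  # groupAction values: 1 grants access, 0 revokes it
BASE = "/databridge/v1/sql-instances"


def groups_path(instance_name, database_name=None):
    """Build the groups endpoint path, percent-encoding each path parameter."""
    path = f"{BASE}/{quote(instance_name, safe='')}"
    if database_name is not None:
        # Database names may contain spaces and colons, so encode them.
        path += f"/Databases/{quote(database_name, safe='')}"
    return path + "/groups"


def plan_group_operations(current_ids, desired_ids):
    """Diff the groups that have access now against the intended allow-list."""
    current, desired = set(current_ids), set(desired_ids)
    for gid in current | desired:
        if not isinstance(gid, str) or not gid.strip():
            raise ValueError(f"invalid groupId: {gid!r}")
    # Revoke anything not on the allow-list, then grant what is missing.
    ops = [{"groupAction": REVOKE, "groupId": g} for g in sorted(current - desired)]
    ops += [{"groupAction": GRANT, "groupId": g} for g in sorted(desired - current)]
    return ops


def build_patch(instance_name, current_ids, desired_ids, database_name=None):
    """Return (method, path, body) for the PATCH, or None when nothing changes."""
    ops = plan_group_operations(current_ids, desired_ids)
    if not ops:
        return None
    return ("PATCH", groups_path(instance_name, database_name), {"groupOperations": ops})


if __name__ == "__main__":
    # Constructed sample data.
    current = ["group2ID", "group3ID"]
    desired = ["group1ID", "group3ID"]
    print(build_patch("sql-instance-1", current, desired))
    print(build_patch("sql-instance-1", current, desired, database_name="My DB:2022"))
```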

Data Bridge, June 2022

The June 2022 release features enhancements to Data Bridge role-based privileges that enable you to grant privileges to roles in custom schemas.

Custom Schema Permissions

Data Bridge employs role-based privileges to manage access to data. Data Bridge supports two roles: the Consumer role and the Contributor role. For details, see Administer Logins.

You can now grant privileges to those roles in custom schemas:

  • All Contributor users are now added to the RMS_CONTRIBUTOR_PERMISSIONS database role.
  • All Consumer users are added to the RMS_CONSUMER_PERMISSIONS database role.

For example, to grant CONTROL on a user-defined schema, MY_CUSTOM_SCHEMA, to all users mapped to Contributor logins:


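-- Create the custom schema and a table in it.
CREATE SCHEMA MY_CUSTOM_SCHEMA;
GO

CREATE TABLE [MY_CUSTOM_SCHEMA].My_TABLE (C1 int);
GO

-- Grant CONTROL on the schema to the role that holds all Contributor users.
GRANT CONTROL ON SCHEMA::MY_CUSTOM_SCHEMA TO RMS_CONTRIBUTOR_PERMISSIONS;
GO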