SQL Server

Prerequisites

• If your SQL Server database is protected by security groups or other firewall settings, you will need the data syncing service's static IP available to complete Step 1.
• Confirm that your SQL Server database is configured to allow TCP/IP connections.

📘

Network allowlisting

Cloud Hosted (US): 35.192.85.117/32

Cloud Hosted (EU): 104.199.49.149/32

If private-cloud or self-hosted, contact support for the static egress IP.

Step 1: Allow access

Create a rule in a security group or firewall settings to whitelist:

• incoming connections to your host and port (usually 1433) from the static IP.
• outgoing connections from ports 1024 to 65535 to the static IP.

Step 2: Create writer user

Create a database user to perform the writing of the source data.

1. Open a connection to your SQL Server database.
2. Create a user for the data transfer by executing the following SQL command. The <database> should be the target destination database.

USE <database>;
CREATE LOGIN <username> WITH PASSWORD = '<password>';
CREATE USER <username> FOR LOGIN <username>;

3. Grant user CREATE TABLE privileges on the database.

GRANT CREATE TABLE TO <username>;

🚧

Understanding the CREATE TABLE permission in SQL Server

The CREATE TABLE permission is a database level permission that allows for the creation of new tables in a given database. The user must also have the ALTER permission granted on a given schema in order to create new tables in that schema (see the next step for details).

4. Grant user CREATE SCHEMA privileges on the database if the schema does not exist.

GRANT CREATE SCHEMA TO <username>;

🚧

If the SCHEMA already exists

By default, the service creates a new schema based on the destination configuration. If you prefer to create the schema yourself before connecting the destination, you must ensure that the writer user has the proper permissions on the schema, using:

SQL

GRANT SELECT, INSERT, UPDATE, DELETE, ALTER ON SCHEMA :: <schema> TO <username>;

If the SCHEMA already exists, the user does not need the GRANT CREATE SCHEMA permission.

Step 3: Add your destination

Securely share your host name, database name, port, your chosen schema name, username, and password with us to complete the connection.

🚧

Credential character limitations

For user credentials containing special characters, please avoid using the following characters: @, [, ], /, ?, #, ", \\, +, space, &, : as these characters can break connection string parsing.

Permissions checklist

• Network:
  • Inbound rule allows TCP 1433 from the static egress IP
  • Outbound rule allows ephemeral ports 1024-65535 to the static egress IP
• SQL Server:
  • CREATE TABLE on the target database
  • If schema is created by the service: CREATE SCHEMA on the database
  • If schema is pre-created: SELECT, INSERT, UPDATE, DELETE, ALTER on the target schema
  • TCP/IP connections are enabled
• Optional:
  • If connecting over a private network, SSH tunnel can be used (ensure tunnel host access and public key exchange, if applicable)

FAQ

Q: How is the SQL Server connection secured?

A: The connection uses a dedicated, least-privileged SQL login scoped to the destination database and schema. Network access can be restricted to the static egress IP and SSH tunneling is optionally supported.

Q: Which special characters should I avoid in credentials?

A: Avoid these characters in usernames and passwords because they can break connection string parsing: @, [, ], /, ?, #, ", \\, +, space, &, :.

Q: Which SQL Server flavors are supported?

A: Generic on-premises SQL Server, Azure SQL Database, and Azure Synapse are supported. For Azure dedicated SQL pools, we recommend using the Azure Blob Storage destination type and loading from Azure Data Lake Storage Gen2.