Skip to main content

Prerequisites

  • If your SQL Server database is protected by security groups or other firewall settings, you will need our static IP available to complete Step 1.
  • Confirm that your SQL Server database is configured to allow TCP/IP connections.
Network allowlistingCloud Hosted (US): 35.192.85.117/32Cloud Hosted (EU): 104.199.49.149/32If private-cloud or self-hosted, contact support for the static egress IP.
1

Allow access

Create a rule in a security group or firewall settings to whitelist:
  • incoming connections to your host and port (usually 1433) from the static IP.
  • outgoing connections from ports 1024 to 65535 to the static IP.
2

Create writer user

Create a database user to perform the writing of the source data.
  1. Open a connection to your SQL Server database.
  2. Create a user for the data transfer by executing the following SQL command. The <database> should be the target destination database.
Create writer user
USE <database>;
CREATE LOGIN <username> WITH PASSWORD = '<password>';
CREATE USER <username> FOR LOGIN <username>;
  1. Grant user CREATE TABLE privileges on the database.
Grant CREATE TABLE
GRANT CREATE TABLE TO <username>;
Understanding the CREATE TABLE permission in SQL ServerThe CREATE TABLE permission is a database level permission that allows for the creation of new tables in a given database. The user must also have the ALTER permission granted on a given schema in order to create new tables in that schema (see the next step for details).
  1. Grant user CREATE SCHEMA privileges on the database if the schema does not exist.
Grant CREATE SCHEMA
GRANT CREATE SCHEMA TO <username>;
If the SCHEMA already existsBy default, the service creates a new schema based on the destination configuration. If you prefer to create the schema yourself before connecting the destination, you must ensure that the writer user has the proper permissions on the schema, using:
Grant schema privileges
GRANT SELECT, INSERT, UPDATE, DELETE, ALTER ON SCHEMA :: <schema> TO <username>;
If the SCHEMA already exists, the user does not need the GRANT CREATE SCHEMA permission.
3

Add your destination

Use the following details to complete the connection setup: host name, database name, port, your chosen schema name, username, and password.
Credential character limitationsFor user credentials containing special characters, please avoid using the following characters: @, [, ], /, ?, #, ", \\, +, space, &, : as these characters can break connection string parsing.

Permissions checklist

  • Network:
    • Inbound rule allows TCP 1433 from the static egress IP
    • Outbound rule allows ephemeral ports 1024-65535 to the static egress IP
  • SQL Server:
    • CREATE TABLE on the target database
    • If schema is created by the service: CREATE SCHEMA on the database
    • If schema is pre-created: SELECT, INSERT, UPDATE, DELETE, ALTER on the target schema
    • TCP/IP connections are enabled
  • Optional:
    • If connecting over a private network, SSH tunnel can be used (ensure tunnel host access and public key exchange, if applicable)

FAQ

The connection uses a dedicated, least-privileged SQL login scoped to the destination database and schema. Network access can be restricted to the static egress IP and SSH tunneling is optionally supported.
Avoid these characters in usernames and passwords because they can break connection string parsing: @, [, ], /, ?, #, ", \\, +, space, &, :.
Generic on-premises SQL Server, Azure SQL Database, and Azure Synapse are supported. For Azure dedicated SQL pools, we recommend using the Azure Blob Storage destination type and loading from Azure Data Lake Storage Gen2.