Read-Only Mode on SQL Server

this section describes how to configure and use the kron dam for read only connections to an azure sql database or on premises sql server using sql server management studio (ssms) configuring kron pam for read only access to enforce read only and read write modes for specific users or user groups, add the following properties in the kron pam gui, under device properties · dam ddm server clone enforce user role readonly o enforces read only behavior on the cloned port · dam ddm server enforce user groups ug1,ug2 o defines the user groups forced to connect via the main (read write) port all users outside ug1,ug2 are not allowed to connect on the read write port · dam ddm server clone bind port 4001 o the port number for read only connections (the “cloned” port) · dam ddm server clone enforce user groups ug3,ug4 o defines the user groups forced to connect via the read only port all users outside ug3,ug4 are not allowed to connect on the read only port configuring ssms for read only connections when connecting to sql server via kron pam, ssms users must include the applicationintent=readonly parameter to enforce the read only mode 1 open sql server management studio (ssms) 2 open the connect to server dialog 3 enter the kron pam server host and cloned port in the server name field 4 select your preferred authentication mode (e g , windows authentication or sql server authentication) from the authentication dropdown menu 5 provide the username that is configured in kron pam (must match exactly, including domain or any prefix if applicable) when a user is member of a forced read only group , kron pam automatically enforces the read only connection on the cloned port you do not need to add any additional parameter (e g , applicationintent=readonly) for read write access, connect to the original kron pam sql proxy port and ensure you belong to a group that is not forced to read only