Did you know you have more than one option to set the SQL firewall settings on an Azure SQL Database? Most people know you can set firewall rules on the server level:
Allow Azure services and resources to access this serveropens up connection from anywhere inside of the Azure Cloud: this is not limited to your own subscription!
There is one extra option, which is very helpful if you want more control per database, instead of opening the firewall for all databases on the same server.
You can set the firewall rules on the database level as well! These will be checked after the server level settings, so you can mix and match.
Do note that the server level settings are evaluated after the database level settings have been checked. So if you have deleted an IP-address from the database level but it is still active on the server level, the IP-address can still access the database. See the docs here for more information.
There is no editor available, you’ll need to edit the settings in the database itself, for example with the Query editor or through a query or table editor with the SQL Server Management Studio or Azure Data Studio
You can use the table
sys.database_firewall_rules to find the current settings and then use the stored procedures
sp_set_database_firewall_rule to set a rule or sp_delete_database_firewall_rule to delete them.
To open the connection from other Azure resources (note: not limited to your subscriptions), you can toggle the setting for IP-address