You can use a Microsoft SQL Server database as the repository for your authorization store. In order to connect to a SQL Server store, use the following procedure.

You must be a member of the Authorization Manager Administrator role to complete this procedure. By default, Administrators is the Windows group membership required to do so. Review the details in "Additional considerations" in this topic.

Connecting to an SQL-based authorization store

When creating or opening an authorization store, type a URL beginning with the protocol prefix MSSQL://.

The syntax for the URL is:

mssql://<connection string>/<database name>/<policy store name>


  • <connection string> is any valid SQL Server connection string,

  • <database name> is the name of the database where the store will be saved, and

  • <policy store name> is the name of the particular store.



mssql://Driver={SQL Server};Server={server1-test};/AzManDB/MyTestStore


Connections to a SQL store are not encrypted unless you explicitly set up SQL encryption for the connection or set up encryption of the network traffic that uses Internet Protocol security (IPsec). For information about configuring SQL encryption or configuring IPsec, see SQL Server product documentation (

Additional considerations

  • If the instance of SQL Server doesn't have the named Authorization Manager database, Authorization Manager will create a new database of this name. Otherwise, the new store will be created within the same named database.

  • The database administrator responsible for the computer running SQL Server must configure security on the computer to allow the Authorization Manager database to be created and maintained.

  • If you are not familiar with connection string syntax, see the documentation provided with Microsoft SQL Server 2008 or Microsoft SQL Server 2005, or visit the Microsoft Web site and see Connection String Syntax (

Additional references