Skip to content
Documentation

Microsoft SQL Server

Connect Querri to your Microsoft SQL Server database to analyze data using natural language. Once connected, simply ask questions—Querri handles all the T-SQL for you.

Overview

Section titled “Overview”

The SQL Server connector supports:

  • SQL Server 2016+: All modern SQL Server versions
  • SQL Server 2019: Full support including new features
  • SQL Server 2022: Latest version support
  • Azure SQL Database: Managed SQL Server on Azure
  • Azure SQL Managed Instance: Enterprise features on Azure
  • Amazon RDS for SQL Server: Managed SQL Server on AWS

Setup

Section titled “Setup”

Prerequisites

Section titled “Prerequisites”
  • SQL Server database instance
  • Database credentials with appropriate permissions
  • Network access to the database

IP Whitelisting

Section titled “IP Whitelisting”

Important: For cloud-hosted databases or databases behind firewalls, whitelist the following IP address:

18.189.33.77

This is Querri’s outbound IP address. Add this to your database firewall rules or security group.

Creating the Connector

Section titled “Creating the Connector”

  1. Navigate to Connectors

    • Go to Settings → Connectors
    • Click “Add Connector”

  2. Select Microsoft SQL Server

    • Choose “Microsoft SQL Server” from the database connectors

  3. Configure Connection

Host: your-server.database.windows.net
Port: 1433 (default SQL Server port)
Database: your_database_name
Username: your_username
Password: your_password

Optional Settings:

  • Authentication: SQL Server Authentication or Windows Authentication
  • Encrypt: Enable for encrypted connections (recommended)
  • Trust Server Certificate: For self-signed certificates
  • Application Name: Identify Querri connections

  1. Test Connection

    • Click “Test Connection” to verify
    • If successful, click “Save”

  2. Start Analyzing

    • Tables appear in your Library
    • Create a project from any table
    • Ask questions in natural language

Network Configuration

Section titled “Network Configuration”

Azure SQL Database

Section titled “Azure SQL Database”

Add firewall rule:

Rule Name: Querri
Start IP: 18.189.33.77
End IP: 18.189.33.77

Via Azure Portal:

  1. Go to your SQL Database
  2. Click “Set server firewall”
  3. Add the IP address
  4. Click “Save”

AWS RDS SQL Server

Section titled “AWS RDS SQL Server”

Add inbound rule to security group:

Type: MS SQL
Protocol: TCP
Port: 1433
Source: 18.189.33.77/32
Description: Querri Access

On-Premises SQL Server

Section titled “On-Premises SQL Server”

Configure Windows Firewall:

Terminal window
New-NetFirewallRule -DisplayName "SQL Server" `
  -Direction Inbound `
  -Protocol TCP `
  -LocalPort 1433 `
  -RemoteAddress 18.189.33.77 `
  -Action Allow

Enable TCP/IP in SQL Server Configuration Manager:

  1. Open SQL Server Configuration Manager
  2. SQL Server Network Configuration → Protocols
  3. Enable TCP/IP
  4. Restart SQL Server service

Database User Setup

Section titled “Database User Setup”
Section titled “Read-Only User (Recommended)”

Create a dedicated read-only user for Querri:

-- Create login
CREATE LOGIN querri_readonly
WITH PASSWORD = 'SecurePassword123!';


-- Switch to your database
USE your_database;


-- Create user
CREATE USER querri_readonly
FOR LOGIN querri_readonly;


-- Grant read permissions
ALTER ROLE db_datareader ADD MEMBER querri_readonly;


-- Allow view of database metadata
GRANT VIEW DEFINITION TO querri_readonly;

Restricting Access to Specific Tables

Section titled “Restricting Access to Specific Tables”

For tighter security, grant access only to specific tables or schemas:

-- Create user with no default role
CREATE USER querri_readonly FOR LOGIN querri_readonly;


-- Grant access to specific tables only
GRANT SELECT ON dbo.orders TO querri_readonly;
GRANT SELECT ON dbo.customers TO querri_readonly;
GRANT SELECT ON dbo.products TO querri_readonly;


-- Or grant access to an analytics schema only
GRANT SELECT ON SCHEMA::analytics TO querri_readonly;

See Database Best Practices for detailed guidance on creating analytics views and restricting access.

Verify Permissions

Section titled “Verify Permissions”
-- Check login
SELECT * FROM sys.server_principals
WHERE name = 'querri_readonly';


-- Check user permissions
SELECT
    dp.name as username,
    dp.type_desc,
    o.name as object_name,
    p.permission_name,
    p.state_desc
FROM sys.database_permissions p
JOIN sys.database_principals dp ON p.grantee_principal_id = dp.principal_id
LEFT JOIN sys.objects o ON p.major_id = o.object_id
WHERE dp.name = 'querri_readonly';

Troubleshooting

Section titled “Troubleshooting”

Cannot Connect to Server

Section titled “Cannot Connect to Server”

Problem: A network-related or instance-specific error

Solutions:

  1. Verify IP 18.189.33.77 is whitelisted
  2. Check SQL Server is running
  3. Verify TCP/IP is enabled
  4. Check SQL Server Browser service is running (for named instances)
  5. Verify firewall allows port 1433

Login Failed

Section titled “Login Failed”

Problem: Login failed for user

Solutions:

  1. Check username and password
  2. Verify SQL Server authentication is enabled
  3. Check user exists: SELECT * FROM sys.server_principals;
  4. Verify database name is correct
  5. For Azure SQL, ensure format: username@servername

Cannot Open Database

Section titled “Cannot Open Database”

Problem: Cannot open database requested by login

Solutions:

  1. Verify database name
  2. Check user has access to database
  3. Ensure database is online
  4. Grant permissions to database

SSL/TLS Errors

Section titled “SSL/TLS Errors”

Problem: Certificate validation failed

Solutions:

  1. Enable “Trust Server Certificate” option
  2. Install proper SSL certificate on server
  3. Update connection string: Encrypt=true;TrustServerCertificate=true;

Security Best Practices

Section titled “Security Best Practices”

Enable Encryption

Section titled “Enable Encryption”
Encrypt: Yes
Trust Server Certificate: No (use valid certificate)

Use Row-Level Security

Section titled “Use Row-Level Security”

For multi-tenant scenarios or data isolation:

-- Create security policy
CREATE FUNCTION dbo.fn_securitypredicate(@tenant_id AS INT)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS result
WHERE @tenant_id = CAST(SESSION_CONTEXT(N'tenant_id') AS INT);


CREATE SECURITY POLICY TenantFilter
ADD FILTER PREDICATE dbo.fn_securitypredicate(tenant_id)
ON dbo.orders
WITH (STATE = ON);

Audit User Activity

Section titled “Audit User Activity”
-- Enable database auditing
CREATE DATABASE AUDIT SPECIFICATION querri_audit
FOR SERVER AUDIT [Audit-Querri]
ADD (SELECT ON DATABASE::your_database BY querri_readonly)
WITH (STATE = ON);

SQL Server Versions

Section titled “SQL Server Versions”

Tested and supported:

  • SQL Server 2022 ✓
  • SQL Server 2019 ✓
  • SQL Server 2017 ✓
  • SQL Server 2016 ✓
  • Azure SQL Database ✓
  • Azure SQL Managed Instance ✓

Next Steps

Section titled “Next Steps”