Permissions
The Azure CIS v2.0.0 - Section 4 - Database Services policy pack requires 20 permissions:
Application.Read.AllGroup.Read.AllUser.Read.Allmicrosoft.dbformysql/flexibleservers/configurations/writemicrosoft.dbforpostgresql/flexibleservers/configurations/writemicrosoft.dbforpostgresql/servers/configurations/writemicrosoft.dbforpostgresql/servers/deletemicrosoft.dbforpostgresql/servers/writemicrosoft.documentdb/databaseaccounts/writemicrosoft.sql/servers/administrators/deletemicrosoft.sql/servers/administrators/writemicrosoft.sql/servers/auditingsettings/writemicrosoft.sql/servers/azureadonlyauthentications/deletemicrosoft.sql/servers/azureadonlyauthentications/writemicrosoft.sql/servers/databases/transparentdataencryption/writemicrosoft.sql/servers/firewallrules/deletemicrosoft.sql/servers/securityalertpolicies/writemicrosoft.sql/servers/vulnerabilityassessments/writemicrosoft.storage/storageaccounts/listkeys/actionmicrosoft.storage/storageaccounts/read