update vault mssql docs

[sachin-chand01]

PR Description

Summary

Updates the permissions for the MSSQL docs for this bug fix

MSSql Server database plugin throws "Logins other than the current user can only be seen by members of the sysadmin role." when using the default revocation statement.

Please go to the Preview tab and select the appropriate template:

• Boundary
• Consul
• HCP services
• Nomad

Terraform

• HCP Terraform
• Terraform
• Terraform Enterprise

[github-actions]

Vercel Previews Deployed

Name	Status	Preview	Updated (UTC)
Dev Portal	✅ Ready (Inspect)	Visit Preview	Tue Apr 28 11:10:44 UTC 2026
Unified Docs API	✅ Ready (Inspect)	Visit Preview	Tue Apr 28 11:06:48 UTC 2026

[github-actions]

Broken Link Checker

This PR contains broken links, but won't be blocked. Use this report to improve content quality:

Quick Actions

• Internal links (HashiCorp sites): Please fix these - they impact user experience
• External links: Consider if these are essential or can be updated/removed
• Temporary issues: External sites may recover - check again before merging

Need Help?

• Review our Broken Link Monitoring docs
• Check the monthly production report for context

---

Internal Links

Full Github Actions output

External Links

Summary

Status	Count
🔍 Total	15
✅ Successful	3
⏳ Timeouts	0
🔀 Redirected	3
👻 Excluded	9
❓ Unknown	0
🚫 Errors	0
⛔ Unsupported	0

Redirects per input

Redirects in content/vault/v1.19.x/content/docs/secrets/databases/mssql.mdx

• [200] https://docs.microsoft.com/en-us/sql/relational-databases/databases/contained-databases | Redirect: Followed 6 redirects resolving to the final status of: OK. Redirects: https://docs.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-ver17 --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-ver17 --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-ver17

Redirects in content/vault/v1.21.x/content/docs/secrets/databases/mssql.mdx

• [200] https://docs.microsoft.com/en-us/sql/relational-databases/databases/contained-databases | Redirect: Followed 6 redirects resolving to the final status of: OK. Redirects: https://docs.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-ver17 --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-ver17 --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-ver17

Redirects in content/vault/v2.x/content/docs/secrets/databases/mssql.mdx

• [200] https://docs.microsoft.com/en-us/sql/relational-databases/databases/contained-databases | Redirect: Followed 6 redirects resolving to the final status of: OK. Redirects: https://docs.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-ver17 --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-ver17 --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases --[301]--> https://learn.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-ver17

Full Github Actions output

[schavis]

@sachin-chand01 Is this fix part of 2.0.0?

[schavis]

@sachin-chand01 Is the bug fix part of the May release? If so, please change the merge target to vault/202505 and make sure to add an entry to the 2.x release notes

[sachin-chand01]

@sachin-chand01 Is the bug fix part of the May release? If so, please change the merge target to vault/202505 and make sure to add an entry to the 2.x release notes

@schavis No, this fix is not part of May release. It’s planned for the 2.1.0 release.

[schavis]

@schavis No, this fix is not part of May release. It’s planned for the 2.1.0 release.

So it's part of the October release? I didn't realize we needed a release branch for that already.

Let me create one and you can change the merge target. To clarify: the content repo doesn't work like the product repo. Merging something to main publishes those changes to the public docs immediately.

[sachin-chand01]

So it's part of the October release? I didn't realize we needed a release branch for that already.

Let me create one and you can change the merge target. To clarify: the content repo doesn't work like the product repo. Merging something to main publishes those changes to the public docs immediately.

Got it, that makes sense! Thanks for catching that. I’ll switch the merge target once the release branch is ready.

[Copilot]

Pull request overview

Updates the MSSQL database secrets engine documentation to reflect additional permissions required by the default revocation behavior and to clarify revocation behavior constraints.

Changes:

• Add additional SQL Server permissions (VIEW ANY DEFINITION, VIEW SERVER STATE, VIEW DEFINITION) to the “minimum functionality” grant set.
• Add a warning that the default revocation procedure’s metadata query is scoped to the database in connection_url, which can prevent cleanup when users are created in a different database.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
content/vault/v2.x/content/docs/secrets/databases/mssql.mdx	Adds required grants and clarifies default revocation scoping behavior.
content/vault/v1.21.x/content/docs/secrets/databases/mssql.mdx	Same as v2.x, but contains a duplicated-phrase typo in the newly added warning text.
content/vault/v1.19.x/content/docs/secrets/databases/mssql.mdx	Adds required grants and clarifies default revocation scoping behavior.

[Copilot]

There is a duplicated phrase in this sentence ("utilizes a procedure utilizes a"), which reads like a copy/paste error and makes the warning hard to understand. Please remove the duplicated words (e.g., keep a single "utilizes a" / "uses a").

Suggested change

	This procedure utilizes a procedure utilizes a
	This procedure uses a

[stuti-sr]

LGTM!!