Database Role Design/Standard

  • First, I apologize if this topic wasn't the right place for this post.

    I am looking for a good standard for database role creation across my entire environment. I was hoping people might share what standard they use.

    Do you create the same database roles for each schema across all of your databases for consistency and assign database users to those roles as needed? Many roles would go unused, but having them available if needed might not be a bad thing.

    Do you primarily use the built-in database roles?

    Do you just create them as you need them? (This has led to inconsistency in our environment.)

    I think consistency would be nice for ease of administration, but I would like to know what other people are doing. There might be a great solution out there that I'm just not thinking of...

    Thank you 🙂

    Kim

  • I very seldom use the built-in roles. I always build the roles custom, but I only build them as needed. Not all roles are ever needed on all databases. And some roles are unique to some databases. I'm a fan of consistency, but only where it's actually serving me. I don't like consistency just for consistency's sake.

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

  • I mostly used the built-in roles, but because using only the built-in roles would sometimes mean either splitting data I want to have in one database over two (or more) databases (preventing some highly desirable uses of declarative referential consistency) or giving some logins more privileges than ideally they should have, I sometimes made custom roles. In my experience it is rare for a custom role to be common to many databases, so not making the roles the same in every database reduces clutter - and I certainly don't see it as promoting inconsistency.

    Tom
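
The trade-off discussed in the replies above, as an added example that is not part of any poster's message: a built-in role applies to the whole database, while a custom role can be scoped to one schema and created only where it is needed. It assumes SQL Server (T-SQL); the schema `Sales`, role `Sales_Reader` and user `ReportUser` are hypothetical names. The final query lists custom roles with their member counts and grants, which helps spot unused or inconsistent roles.

```sql
-- Added example. All object names are hypothetical and constructed for illustration.

-- Setup so the script runs in a scratch database.
IF SCHEMA_ID(N'Sales') IS NULL
    EXEC (N'CREATE SCHEMA [Sales] AUTHORIZATION [dbo]');
IF DATABASE_PRINCIPAL_ID(N'ReportUser') IS NULL
    CREATE USER [ReportUser] WITHOUT LOGIN;

-- Over-broad: the built-in role grants SELECT on every schema in the database.
-- ALTER ROLE [db_datareader] ADD MEMBER [ReportUser];

-- Scoped: create the custom role only if it is missing (safe to re-run),
-- and grant read access to the one schema the user needs.
IF DATABASE_PRINCIPAL_ID(N'Sales_Reader') IS NULL
    CREATE ROLE [Sales_Reader] AUTHORIZATION [dbo];

GRANT SELECT ON SCHEMA::[Sales] TO [Sales_Reader];

IF IS_ROLEMEMBER(N'Sales_Reader', N'ReportUser') = 0
    ALTER ROLE [Sales_Reader] ADD MEMBER [ReportUser];

-- Review: every custom role, how many members it has, and what it is granted.
-- A role with member_count = 0 or no permissions is a candidate for cleanup.
SELECT r.name AS role_name,
       (SELECT COUNT(*)
          FROM sys.database_role_members AS m
         WHERE m.role_principal_id = r.principal_id) AS member_count,
       p.state_desc,
       p.permission_name,
       p.class_desc,
       CASE p.class
            WHEN 3 THEN SCHEMA_NAME(p.major_id)              -- schema-level grant
            WHEN 1 THEN OBJECT_SCHEMA_NAME(p.major_id) + N'.'
                        + OBJECT_NAME(p.major_id)            -- object-level grant
       END AS securable
FROM sys.database_principals AS r
LEFT JOIN sys.database_permissions AS p
       ON p.grantee_principal_id = r.principal_id
WHERE r.type = 'R'            -- database roles
  AND r.is_fixed_role = 0     -- exclude the built-in roles
  AND r.name <> N'public'
ORDER BY r.name, p.class_desc, p.permission_name;
```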
