Charles Deaton (1/12/2015)
Our development department is working on an internal application that will need to create and delete databases as well as logins/users and contained users. It will also need to add databases to high availability groups, among other things. We do not want to give users elevated rights, which most of this requires. We have determined we can use stored procedures and certificates in SQL Server 2012. Is there any other method we should be looking at? I have looked a little at application roles but it does not look promising.
If you write the core functionality as stored procedures, then the stored procedures can be assigned to run as the OWNER, which should be "SA". The application/users would only need PUBLIC privs and the whole process would be carefully controlled by the stored procedures. There's a bit more to it than that, but that's the basic CRUX.
As a bit of a sidebar, why do you need an application to be able to create, and worse, destroy databases? This sounds very dangerous, but I don't know why they need this so can't yet advise otherwise.
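
The stored-procedure-plus-certificate approach mentioned in the question, sketched for the "create database" case only. This is an added example, not code from either poster; the names `DbProvisioningCert`, `DbProvisioningCertLogin`, `usp_CreateAppDatabase` and `AppProvisioningUser`, the `App_` naming policy and the password placeholder are all assumptions.

```sql
USE master;
GO
-- Certificate used only to sign provisioning procedures.
-- The password is a placeholder: replace it before running.
CREATE CERTIFICATE DbProvisioningCert
    ENCRYPTION BY PASSWORD = '<replace-with-strong-password>'
    WITH SUBJECT = 'Signs database provisioning procedures';
GO
-- A login created from a certificate cannot connect; it exists only to
-- hold the one server-level permission the signed procedure needs.
CREATE LOGIN DbProvisioningCertLogin FROM CERTIFICATE DbProvisioningCert;
GRANT CREATE ANY DATABASE TO DbProvisioningCertLogin;
GO
CREATE PROCEDURE dbo.usp_CreateAppDatabase
    @DatabaseName sysname
AS
BEGIN
    SET NOCOUNT ON;
    -- Assumed naming policy: "App_" prefix, then letters, digits, underscore.
    -- The procedure, not the caller, decides what may be created.
    IF @DatabaseName IS NULL
       OR @DatabaseName NOT LIKE N'App[_]%'
       OR @DatabaseName LIKE N'%[^A-Za-z0-9_]%'
    BEGIN
        RAISERROR(N'Database name rejected by provisioning policy.', 16, 1);
        RETURN 1;
    END;
    -- QUOTENAME keeps the validated name from being read as anything
    -- other than a single identifier in the dynamic statement.
    DECLARE @sql nvarchar(max) =
        N'CREATE DATABASE ' + QUOTENAME(@DatabaseName) + N';';
    EXEC sys.sp_executesql @sql;
END;
GO
-- Signing adds the certificate login's permission to the caller's
-- context for the duration of this procedure only.
ADD SIGNATURE TO dbo.usp_CreateAppDatabase
    BY CERTIFICATE DbProvisioningCert
    WITH PASSWORD = '<replace-with-strong-password>';
GO
-- Drop the private key so the certificate cannot sign further modules.
ALTER CERTIFICATE DbProvisioningCert REMOVE PRIVATE KEY;
GO
-- Assumes the application's login already has this user in master.
GRANT EXECUTE ON dbo.usp_CreateAppDatabase TO AppProvisioningUser;
GO
```

Any later `ALTER PROCEDURE` drops the signature, so a modified procedure loses the permission until it is signed again. With the private key removed, that means issuing a new certificate, which makes silent changes to the procedure visible.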