January 12, 2015 at 12:43 pm
Our development department is working on an internal application that will need to create and delete databases as well as logins/user and contained users. It will also need to add databases to high availability groups among other things. We do not want to give users elevated rights which most of this requires. We have determined we can use stored procedures and certificates in SQL Server 2012. Is there any other method we should be looking at? I have looked a little at application roles not it does not look promising.
Charlie
January 13, 2015 at 7:03 am
You've posted this in the wrong forum. I'll ask Steve to move this to the 2012 forum.
January 13, 2015 at 8:45 am
Charles Deaton (1/12/2015)
Our development department is working on an internal application that will need to create and delete databases as well as logins/user and contained users. It will also need to add databases to high availability groups among other things. We do not want to give users elevated rights which most of this requires. We have determined we can use stored procedures and certificates in SQL Server 2012. Is there any other method we should be looking at? I have looked a little at application roles not it does not look promising.Charlie
If you write the core functionality as stored procedures, then the stored procedures can be assigned to run as the OWNER which should be "SA". The application/users would only need PUBLIC privs and the whole process would be carefully controlled by the stored procedures. There's a bit more to it than that but that's the basic CRUX.
As a bit of a side bar, why do you need an application to be able to create, and worse, destroy databases? This sounds very dangerous but I don't know why they need this so can't yet advise otherwise.
--Jeff Moden
Change is inevitable... Change for the better is not.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply