Charles Deaton (1/12/2015)
Our development department is working on an internal application that will need to create and delete databases as well as logins/user and contained users. It will also need to add databases to high availability groups among other things. We do not want to give users elevated rights which most of this requires. We have determined we can use stored procedures and certificates in SQL Server 2012. Is there any other method we should be looking at? I have looked a little at application roles not it does not look promising.
If you write the core functionality as stored procedures, then the stored procedures can be assigned to run as the OWNER which should be "SA". The application/users would only need PUBLIC privs and the whole process would be carefully controlled by the stored procedures. There's a bit more to it than that but that's the basic CRUX.
As a bit of a side bar, why do you need an application to be able to create, and worse, destroy databases? This sounds very dangerous but I don't know why they need this so can't yet advise otherwise.
is pronounced "ree-bar
" and is a "Modenism
" for R
First step towards the paradigm shift of writing Set Based code:
________Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
"If you think its expensive to hire a professional to do the job, wait until you hire an amateur."--Red Adair
"Change is inevitable... change for the better is not."
When you put the right degree of spin on it, the number 3|8
is also a glyph that describes the nature of a DBAs job. 😉
How to post code problems
Create a Tally Function (fnTally)