No elevated rights, yet need to create a database.

  • Charles Deaton

    Old Hand

    Points: 372

    Our development department is working on an internal application that will need to create and delete databases as well as logins/users and contained users. It will also need to add databases to high availability groups, among other things. We do not want to give users elevated rights, which most of this requires. We have determined we can use stored procedures and certificates in SQL Server 2012. Is there any other method we should be looking at? I have looked a little at application roles, but it does not look promising.

    Charlie

  • Brandie Tarvin

    SSC Guru

    Points: 172537

    You've posted this in the wrong forum. I'll ask Steve to move this to the 2012 forum.

    Brandie Tarvin, MCITP Database Administrator
    LiveJournal Blog: http://brandietarvin.livejournal.com/
    On LinkedIn!, Google+, and Twitter.
    Freelance Writer: Shadowrun
    Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

  • Jeff Moden

    SSC Guru

    Points: 994693

    Charles Deaton (1/12/2015)


    Our development department is working on an internal application that will need to create and delete databases as well as logins/users and contained users. It will also need to add databases to high availability groups, among other things. We do not want to give users elevated rights, which most of this requires. We have determined we can use stored procedures and certificates in SQL Server 2012. Is there any other method we should be looking at? I have looked a little at application roles, but it does not look promising.

    Charlie

    If you write the core functionality as stored procedures, then the stored procedures can be assigned to run as the OWNER which should be "SA". The application/users would only need PUBLIC privs and the whole process would be carefully controlled by the stored procedures. There's a bit more to it than that but that's the basic CRUX.

    As a bit of a side bar, why do you need an application to be able to create, and worse, destroy databases? This sounds very dangerous but I don't know why they need this so can't yet advise otherwise.

    --Jeff Moden


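The stored-procedure-plus-certificate approach raised in the first post, sketched as an added T-SQL example that is not code from any poster in this thread. It covers only database creation; the object names (DbProvisioningCert, DbProvisioningCertLogin, dbo.usp_CreateAppDatabase, AppProvisioningRole), the `App_` naming rule and the password placeholder are assumptions made for illustration.

```sql
USE master;
GO
-- Certificate that will sign the provisioning procedure (password is a placeholder).
CREATE CERTIFICATE DbProvisioningCert
    ENCRYPTION BY PASSWORD = '<REPLACE-WITH-STRONG-PASSWORD>'
    WITH SUBJECT = 'Signs database provisioning procedures';
GO
-- A login created from a certificate cannot connect; it only carries permissions.
CREATE LOGIN DbProvisioningCertLogin FROM CERTIFICATE DbProvisioningCert;
GRANT CREATE ANY DATABASE TO DbProvisioningCertLogin;
GO
CREATE PROCEDURE dbo.usp_CreateAppDatabase
    @DbName sysname
AS
BEGIN
    SET NOCOUNT ON;
    -- Allow only names of the (assumed) form App_<letters, digits, underscore>.
    -- The binary collation makes the character ranges exact.
    IF @DbName COLLATE Latin1_General_BIN NOT LIKE N'App[_]%'
       OR @DbName COLLATE Latin1_General_BIN LIKE N'%[^A-Za-z0-9_]%'
    BEGIN
        RAISERROR(N'Database name rejected.', 16, 1);
        RETURN;
    END;
    -- QUOTENAME keeps the name a single identifier inside the dynamic statement.
    DECLARE @sql nvarchar(max) = N'CREATE DATABASE ' + QUOTENAME(@DbName) + N';';
    EXEC sys.sp_executesql @sql;
END;
GO
-- Signing ties the certificate login's permission to this exact procedure text.
-- Altering the procedure drops the signature, so it must be re-signed after changes.
ADD SIGNATURE TO dbo.usp_CreateAppDatabase
    BY CERTIFICATE DbProvisioningCert
    WITH PASSWORD = '<REPLACE-WITH-STRONG-PASSWORD>';
GO
-- Without the private key, nobody can sign further modules with this certificate.
ALTER CERTIFICATE DbProvisioningCert REMOVE PRIVATE KEY;
GO
-- Callers get EXECUTE only; AppProvisioningRole is a hypothetical role in master
-- assumed to exist already. No server-level permission is granted to its members.
GRANT EXECUTE ON dbo.usp_CreateAppDatabase TO AppProvisioningRole;
GO
```

Dropping databases, creating logins and adding databases to availability groups would each need their own signed procedure and the matching permission granted to the certificate login.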
