Hello everyone, I’ve got a general question about ...
# general
Hello everyone, I’ve got a general question about databases. What is your approach to manage things like users and roles? Sure, the script can create the user (login), but then you need to manually assign that user to a role. I am using sqlserver and that has ever been a painful process. Has anyone come up with something that makes things easier to manage?
I haven't looked at sqlserver stuff, but I would expect to manage roles with pulumi just like user creation. I've done that with AWS IAM users, as a parallel.
A very different approach is to not have static users as much as possible, and use something like https://developer.hashicorp.com/vault/docs/secrets/databases/mssql to dynamically create users as your programs request them. That's a much more complicated setup and a bigger adjustment to make, but has good security benefits.
This definitely looks nice, but is not currently on my roadmap. Looking for a similar way to execute a script on user creation. Btw, it’s not only for application users, but also for personal ones