Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
a
acoustic-hamburger-30479
11/22/2022, 6:07 AMHello everyone,
I’ve got a general question about databases. What is your approach to manage things like users and roles? Sure, the script can create the user (login), but then you need to manually assign that user to a role. I am using sqlserver and that has ever been a painful process. Has anyone come up with something that makes things easier to manage?
b
brave-motorcycle-67487
11/22/2022, 8:58 PMI haven't looked at sqlserver stuff, but I would expect to manage roles with pulumi just like user creation. I've done that with AWS IAM users, as a parallel.
A very different approach is to not have static users as much as possible, and use something like https://developer.hashicorp.com/vault/docs/secrets/databases/mssql to dynamically create users as your programs request them. That's a much more complicated setup and a bigger adjustment to make, but has good security benefits.
a
acoustic-hamburger-30479
11/23/2022, 5:29 AMThis definitely looks nice, but is not currently on my roadmap. Looking for a similar way to execute a script on user creation. Btw, it’s not only for application users, but also for personal ones