No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello everyone,
I’ve got a general question about databases. What is your approach to manage things like users and roles? Sure, the script can create the user (login), but then you need to manually assign that user to a role. I am using sqlserver and that has ever been a painful process. Has anyone come up with something that makes things easier to manage?

I haven't looked at sqlserver stuff, but I would expect to manage roles with pulumi just like user creation.  I've done that with AWS IAM users, as a parallel.

A very different approach is to not have static users as much as possible, and use something like <https://developer.hashicorp.com/vault/docs/secrets/databases/mssql> to dynamically create users as your programs request them.  That's a much more complicated setup and a bigger adjustment to make, but has good security benefits.

This definitely looks nice, but is not currently on my roadmap. Looking for a similar way to execute a script on user creation. Btw, it’s not only for application users, but also for personal ones