On Wed, May 6, 2020 at 5:05 PM AC Gomez <antklc@xxxxxxxxx> wrote:
We have developed some code that creates a new role to be used as the main role for DB usage. This code will be called on a predetermined frequency to act a role/pwd rotation mechanism.
Each time the code is run we feed it the prior role that was created (the Db owner being the initial role fed in).
Frankly, I don't know why your algorithm is failing to work but I'd suggest you implement a better algorithm.
Ownership and permissions are granted to roles (groups) that are not allowed to login.
Login roles are made members of the group roles.
I suppose the main question is, why would a bunch of grant and revoke commands run and not do anything, not even throw an error?
Maybe its a bug? - I doubt this kind of manipulation is all that common or tested given the presence of what seems to be a superior alternative.
David J.
