Managing Permissions between environments

A SQL Server Management Studio add-in to source control your database in Subversion or Team Foundation Server.

Moderators: Chris Auckland, David Atkinson, sherr, PhilScrace

Managing Permissions between environments

Postby cousinsp » Tue Jun 28, 2011 5:41 pm

We've just started using SQL Source Control (with VisualSVN server). Loving it. We have dev, test and live SQL Servers. We're now obviously trying to ensure that database code, schema etc. do not have to change between environments - makes my as a dba a job a lot easier. We're hitting a problem with permissions - the database in test needs a certain AD group to access it, which is a different group from live. I've proposed the use of database roles - which is great for the SQL code for tables etc., but the script to create the database role is different for each environment (got different users in the role). How do I handle that with SQL Source control, or is there another way?
Pete Cousins
cousinsp
 
Posts: 22
Joined: Thu May 21, 2009 1:15 pm
Location: Bournemouth, UK

Postby David Atkinson » Tue Jun 28, 2011 7:22 pm

Is it possible to maintain source control to be consistent with your dev and test environments, and only when you promote to 'live' do you address the permissions disparity?

To achieve this, assuming you use SQL Compare to push changes to live, ensure the 'Ignore Permissions' option is selected before running the comparison to avoid your test permissions to be moved across.

I'd be interested to know if this approach would work for you so do let us know how you get on.

Kind regards,

David Atkinson
Red Gate Software
David Atkinson
 
Posts: 1124
Joined: Mon Dec 05, 2005 4:54 pm
Location: Twitter: @dtabase

Permissions

Postby cousinsp » Wed Jun 29, 2011 2:46 pm

Thanks for your post. Even dev and test have different permissions. I've tried creating a local group on the SQL server, and adding that to the DB role, thinking that would give a level of abstraction, but SQL includes the server name with the local group name.
At the moment I'm excluding the definition of the database role from Source Control, but including the permissions granted to the role on table definitions etc. Just need to make sure the role is in each environment before code is deployed.
It gets a bit confusing as SQL compare picks up the role when I do deployments, so I have to actually read the screen and check the right objects before deploying. Wouldn't it be nice just to be able to do a quick check and click 'deploy'. Can objects be excluded from the compare?
Pete Cousins
Pete Cousins
cousinsp
 
Posts: 22
Joined: Thu May 21, 2009 1:15 pm
Location: Bournemouth, UK

Postby David Atkinson » Wed Jun 29, 2011 3:17 pm

Yes, there's a filter feature in SQL Compare that will let you exclude object types and specific objects by defining rules. In the comparison results screen, click "Filter Setup" from the toolbar. Your changes will be saved with your salved SQL Compare project.

Let us know if you manage to get this working in your environment. And of course if there's a modification we can make to existing behavior that would better suit your needs, please do let us know.

David
David Atkinson
 
Posts: 1124
Joined: Mon Dec 05, 2005 4:54 pm
Location: Twitter: @dtabase


Return to SQL Source Control 1

Who is online

Users browsing this forum: No registered users and 0 guests