Let's say I am fully on role-based permission but at some point I would need to add new NT Groups and grant role permissions to this new NT Groups.
Here is an example of the hierarchy:
MyDomain/AllUsers (NT Group) - contains -> MyDomain/MyNewGroup - contains -> Some users
I want to add MyDomain/MyNewGroup into the role db_owner but I do not want to add this Group as a Login on the server level.
I do not need SqlCompare to check for group affinity but I want sqlcompre to not doing anything on the server level, i.e. SqlCompare is totally free to create login on the Database level or anything else but not attempting to Create Login on the DB Server itself as the runner for sqlcompare synchronization script is a dbo but not an sa.
As the deployer, I would be responsible for the Logical breakage if that new group cannot login for any reason, but I do not want the upgrade to fail at the spot with a sql error because the runner of the synchronization script do not have permission to create login on the server level.