This repository has been archived by the owner on Jan 21, 2022. It is now read-only.
Make default role configurable to db_owner or db_ddladmin #3
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This will create user for a cf binding with a db_ddladmin role and almost full grants for the dbo schema. Previously the binding created a sql user with a db_owner role. This is dangerous because it can create backups (i.e. leak disk resources), drop the database (broker needs extra error and orphan handling), drop other users (i.e. delete cf bindings), etc...
My concern is that this will prevent some apps to work correctly with the db_ddladmin role and dbo schema access. After some testing this access levels where enough for the contoso university sample app and nopCommerce for schema migration/installation and normal operation.
@viovanov / @mihaibuzgau do you have any suggestions? Are there other tests or apps that I could run? Or is it safe for now to stick with the db_owner role to provide maximum compatibility for app?