sgdan · October 19, 2018 20:14
diff --git a/rds-create-db-user-example.sql b/rds-create-db-user-example.sql
 /*
    Example for AWS SQL Server RDS instance:
    - create database
    - create login with basic permissions

    Since RDS is managed there are some restrictions when creating users and assigning
    permissions. This procedure shows how to create a database and login with combinations
    of ddl, read and write permissions.
 */
 create procedure #createdbuser (
    @db nvarchar(max),
    @login nvarchar(max),
    @user nvarchar(max),
    @pass nvarchar(max),
    @canCreate bit,
    @canWrite bit,
    @canRead bit
 ) as begin
    if exists (select * from master.sys.databases where name = @db)
        print 'database ' + @db + ' already exists'
    else exec ('create database ' + @db)

    if exists (select * from master.sys.sql_logins where name = @login)
        print 'login ' + @login + ' already exists'
    else exec('create login ' + @login + ' with password = ''' + @pass + ''', check_policy = OFF')

    exec('use ' + @db + ';'
        + ' if exists(select * from sys.database_principals where name = ''' + @user + ''') print ''user ' + @user + ' already exists'''
        + ' else create user ' + @user + ' for login ' + @login + ' with default_schema = dbo')

    if @canCreate = 1 exec('use ' + @db + '; alter role db_ddladmin add member ' + @user)
    if @canWrite = 1 exec('use ' + @db + '; alter role db_datawriter add member ' + @user)
    if @canRead = 1 exec('use ' + @db + '; alter role db_datareader add member ' + @user)
 end
 go

 exec #createdbuser 'testdb', 'testlogin', 'testuser', 'testpass', true, true, true
 exec #createdbuser 'testdb', 'rwlogin', 'rwuser', 'rwpass', false, true, true
 exec #createdbuser 'testdb', 'rologin', 'rouser', 'ropass', false, false, true
 drop procedure #createdbuser

 /*
 drop database testdb
 drop login testlogin
 drop login rwlogin
 drop login rologin
 */
	/*
	Example for AWS SQL Server RDS instance:
	- create database
	- create login with basic permissions

	Since RDS is managed there are some restrictions when creating users and assigning
	permissions. This procedure shows how to create a database and login with combinations
	of ddl, read and write permissions.
	*/
	create procedure #createdbuser (
	@db nvarchar(max),
	@login nvarchar(max),
	@user nvarchar(max),
	@pass nvarchar(max),
	@canCreate bit,
	@canWrite bit,
	@canRead bit
	) as begin
	if exists (select * from master.sys.databases where name = @db)
	print 'database ' + @db + ' already exists'
	else exec ('create database ' + @db)

	if exists (select * from master.sys.sql_logins where name = @login)
	print 'login ' + @login + ' already exists'
	else exec('create login ' + @login + ' with password = ''' + @pass + ''', check_policy = OFF')

	exec('use ' + @db + ';'
	+ ' if exists(select * from sys.database_principals where name = ''' + @user + ''') print ''user ' + @user + ' already exists'''
	+ ' else create user ' + @user + ' for login ' + @login + ' with default_schema = dbo')

	if @canCreate = 1 exec('use ' + @db + '; alter role db_ddladmin add member ' + @user)
	if @canWrite = 1 exec('use ' + @db + '; alter role db_datawriter add member ' + @user)
	if @canRead = 1 exec('use ' + @db + '; alter role db_datareader add member ' + @user)
	end
	go

	exec #createdbuser 'testdb', 'testlogin', 'testuser', 'testpass', true, true, true
	exec #createdbuser 'testdb', 'rwlogin', 'rwuser', 'rwpass', false, true, true
	exec #createdbuser 'testdb', 'rologin', 'rouser', 'ropass', false, false, true
	drop procedure #createdbuser

	/*
	drop database testdb
	drop login testlogin
	drop login rwlogin
	drop login rologin
	*/