On Wed, May 6, 2020 at 5:05 PM AC Gomez <ant...@gmail.com> wrote: > We have developed some code that creates a new role to be used as the main > role for DB usage. This code will be called on a predetermined frequency to > act a role/pwd rotation mechanism. >
> Each time the code is run we feed it the prior role that was created (the > Db owner being the initial role fed in). > Frankly, I don't know why your algorithm is failing to work but I'd suggest you implement a better algorithm. Ownership and permissions are granted to roles (groups) that are not allowed to login. Login roles are made members of the group roles. I suppose the main question is, why would a bunch of grant and revoke > commands run and not do anything, not even throw an error? > Maybe its a bug? - I doubt this kind of manipulation is all that common or tested given the presence of what seems to be a superior alternative. David J. > >
