Is your feature request related to a problem? Please describe.
A DBA team would like to avoid management of user access on an individual basis. They would like to assign a Cockroach role to a group of users in an Active Directory Organizational Unit. I imagine the same should be available for an LDAP group.
Describe the solution you'd like
An Active Directory group called DatabaseAdmins should have the ability to access CockroachDB with an admin role, and management of the individual users should be offloaded to AD. A new DBA placed in DatabaseAdmins should have the ability to connect with admin rights to Cockroach without ever granting explicit rights in Cockroach. The same goes for other types of roles: backup admin, operator, monitor, etc.
Describe alternatives you've considered
Today, each user is given an explicit grant in CockroachDB, placing a big operational burden on the DBA team to manage accounts.
Additional context
This should be applicable to AD, MIT Kerberos and LDAP.
Epic: CRDB-198
Jira issue: CRDB-4070