Datasources combine the database type, host address (IP/hostname and port number), and credentials into a unified record.
When a Role is assigned a Datasource, that entity inherits the permissions associated with the credential in that Datasource.
In cases where multiple credentials are desirable for a given host address, the Datasource can be cloned, with an alternate credential provided. This can allow different strongDM users to connect to the same resource, but with different sets of credentials that allow them differing levels of access.
Example: Alice wishes to grant read-only access to a Microsoft SQL Server instance previously set up in strongDM with read-write access. Alice creates a new database user,
sdm-ro, on the SQL Server instance. She then clones the existing Datasource entry, and replaces the read-write credentials with the
sdm-ro username and password.