I would like to create an SQL Azure user and grant her read-only access on a handful of DBs, what script can I use to achieve this?
A pure TSQL script is super messy, SQL Azure disables the USE
command, so you are stuck opening connections to each DB you need to give the user read access.
This is the gist of the pattern.
In Master DB:
CREATE LOGIN reader WITH password='YourPWD';
-- grant public master access
CREATE USER readerUser FROM LOGIN reader;
In each target DB (requires a separate connection)
CREATE USER readerUser FROM LOGIN reader;
EXEC sp_addrolemember 'db_datareader', 'readerUser';