In SSDT project, you could create everything you want and keep them identical with target database. However, security might be an exception, few reason you might want to manage security out side of SSDT project:
- You need to create a login in order to map a database user, and grant user whatever premission.
- You may need to update permission for logins/users which are not yet in SSDT project.
- SSDT project may be managed via a source control, like git and build&deploy via CI/CD tools, but different environments have different security principals. This could be a challenge to manage all security in SSDT project.
In these scenarios, you could create nothing about login/user objects in SSDT, but instead manage full security out side via some other methodology. To do so, you could make corresponding build profile settings:
SSDT Project -> Publish -> Advanced -> Drop (6 options to selected).
In the build profile, there are corresponding options:
Let me know if you have any comments.