How to setup security in SQL when working with Exact Globe+
Issue:
I want to tighten my security in SQL for the users of Exact Globe+, but
how should I set this up?
Solution:
Security in SQL can be very easy and straight forward, but
it can be made very complex as well. The goal of this document is to be a
guideline to setup security in SQL for Exact Globe+ in an manageable way and to be used to
setup security that users can do in Exact Globe+ what they need to do. In this document
it is assumed that an active directory (domain) is installed, if this is not the
case this needs to be done first otherwise working with Exact Globe+ in a multi-user environment
is not supported.
When setting up security it is always advisable to do this via groups. By
putting people in groups, security can be easily distributed by putting people
into groups and by moving them out of groups. The following things have to be
taken into account:
- in order to make backups (Exact backup, not a SQL backup) from Exact Globe+, you
need special rights in SQL;
- in order to restore backups (Exact backup, not a SQL backup) from Exact Globe+, you
need special rights in SQL;
- in order to create a new company in Exact Globe+,
you need special rights in SQL;
- in order to delete a company in Exact Globe+, you need special rights
in SQL.
Setup access for Exact Globe+ users in SQL:
Please
note that after this step users cannot do any of the four specific tasks
mentioned above.
- Setup a group for the Exact users in the active
directory and put the users that have to work with Exact Globe+ in this
group;
- Give this group rights in SQL Server via the
enterprise manager or SQL Server Management Studio.
- go to [Start, Programs, Microsoft SQL Server, Enterprise Manager] or [Start, Programs, Microsoft SQL Server, SQL Server Management Studio]
- go to the SQL Server you wish to manage and open
the container Security and then to logins;
- right click in the right-hand pane and create a new
login.
- add the group you created in the active directory;
- go to the tab database access and mark the
databases where you want the users to have access. Click on OK;
- go to the container Databases and go to the databases where the users
have access. Remove the database user guest.
After these steps the users have the ability to connect to Exact Globe+
and open a database, but they cannot run any queries via other programs (Excel,
Query analyzer, Enterprise Manager, etc) than Exact Globe+.
In order to be able to do the special actions, you need special access rights
in SQL. Below is a table with the function in Exact the users wants/needs to do
and the role you need in SQL.
Function in Exact Globe+ |
Role in SQL Server |
Make a backup in Exact |
Sysadmin server role |
Restore a backup in Exact |
Sysadmin and/or dbcreator server role |
Create a new company in Exact |
Sysadmin and/or dbcreator server role |
Delete a company in Exact |
Sysadmin and/or dbcreator server role |
Setup special access for Exact Globe+ users in SQL:
- Setup a group for the Exact users in the active directory and put the
users that have to work with Exact Globe+ in this group;
- Give this group rights in SQL Server via the enterprise manager or SQL Server Management Studio.
- go to [Start, Programs, Microsoft SQL Server, Enterprise Manager] or [Start, Programs, Microsoft SQL Server, SQL Server Management Studio]
- go to the SQL Server you wish to manage and open the container Security
and then to logins;
- right click in the right-hand pane and create a new login.
- add the group you created in the active directory;
- go to the tab server role and put the users in the role they need in
order to do what they have to do (see tabel above). Click on
OK.
Main Category: |
Attachments & notes |
Document Type: |
Support - On-line help |
Category: |
|
Security level: |
All - 0 |
Sub category: |
|
Document ID: |
10.883.187 |
Assortment: |
Exact Globe+
|
Date: |
25-10-2022 |
Release: |
|
Attachment: |
|
Disclaimer |