Exact Globe+

How to setup security in SQL when working with Exact Globe+

Issue:

I want to tighten my security in SQL for the users of Exact Globe+, but how should I set this up?

Solution:

Security in SQL can be very easy and straight forward, but it can be made very complex as well. The goal of this document is to be a guideline to setup security in SQL for Exact Globe+ in an manageable way and to be used to setup security that users can do in Exact Globe+ what they need to do. In this document it is assumed that an active directory (domain) is installed, if this is not the case this needs to be done first otherwise working with Exact Globe+ in a multi-user environment is not supported.

When setting up security it is always advisable to do this via groups. By putting people in groups, security can be easily distributed by putting people into groups and by moving them out of groups. The following things have to be taken into account:

1. in order to make backups (Exact backup, not a SQL backup) from Exact Globe+, you need special rights in SQL;
2. in order to restore backups (Exact backup, not a SQL backup) from Exact Globe+, you need special rights in SQL;
3. in order to create a new company in Exact Globe+, you need special rights in SQL;
4. in order to delete a company in Exact Globe+, you need special rights in SQL.

Setup access for Exact Globe+ users in SQL:
Please note that after this step users cannot do any of the four specific tasks mentioned above.

• Setup a group for the Exact users in the active directory and put the users that have to work with Exact Globe+ in this group;
• Give this group rights in SQL Server via the enterprise manager or SQL Server Management Studio.
  • go to [Start, Programs, Microsoft SQL Server, Enterprise Manager] or [Start, Programs, Microsoft SQL Server, SQL Server Management Studio]
  • go to the SQL Server you wish to manage and open the container Security and then to logins;
  • right click in the right-hand pane and create a new login.
  • add the group you created in the active directory;
  • go to the tab database access and mark the databases where you want the users to have access. Click on OK;
  • go to the container Databases and go to the databases where the users have access. Remove the database user guest.

After these steps the users have the ability to connect to Exact Globe+ and open a database, but they cannot run any queries via other programs (Excel, Query analyzer, Enterprise Manager, etc) than Exact Globe+.

In order to be able to do the special actions, you need special access rights in SQL. Below is a table with the function in Exact the users wants/needs to do and the role you need in SQL.

Setup special access for Exact Globe+ users in SQL:

• Setup a group for the Exact users in the active directory and put the users that have to work with Exact Globe+ in this group;
• Give this group rights in SQL Server via the enterprise manager or SQL Server Management Studio.
  • go to [Start, Programs, Microsoft SQL Server, Enterprise Manager] or [Start, Programs, Microsoft SQL Server, SQL Server Management Studio]
  • go to the SQL Server you wish to manage and open the container Security and then to logins;
  • right click in the right-hand pane and create a new login.
  • add the group you created in the active directory;
  • go to the tab server role and put the users in the role they need in order to do what they have to do (see tabel above). Click on OK.