Page Comparison

Background

To provide maximum flexibility and integration into existing systems, ACM utilizes a Microsoft SQL database to store device configurations, polling statistics, and collected EFM data.

Because SQL Server installations may be managed by an independent DBA teams tasked with minimizing security risks, it is necessary to describe the security permissions required for normal operation of ACM.

...

Minimum Permissions to Perform ACM Database Updates:

The following instructions assume a DBA has created an empty database on the server, but the ACM user that will create the tables and objects in the database has have not been created.

1. Create a login on the server level per corporate requirements (username, password, password policy etc).

2. On the “User Mapping” tab,

   1. map Check the new login checkbox next to the appropriate ACM database and

   2. make Make sure the default schema is “dbo”.

   3. Check the db_datareader, db_datawriter and public database following roles in the “Database membership roles” box below the “Users Mapped”.

   On

   1. Mapped to this login” label

      1. db_datareader

      2. db_datawriter

      3. public

3. Select the “Securables” tab:

4. with

   With the server

   selected

   highlighted, select the “Grant” checkbox next to “View server state”.

5. Click OK.

6. Refresh the “Security/Users” folder in the ACM database, right

7. Right click the user you just created and choose “Properties”.

8. Select the “Securables” tab.

9. Next add the other Add the “Control” permission for the ACM database “Control” permission:

   1. Click the “Search” button

   2. Choose the “Specific Types” option,

   3. Click OK,

   4. Search for Object types “Database”

   5. Click the “Browse” button

   6. Select the ACM database you are working with

   7. Click “OK”. The database will show up in the “Securables” grid.

   8. With the database securable selected, check the “Grant” checkbox next to “Control”.

10. Click OK

Minimum Permissions to run ACM

...

Services

The following instructions assume a DBA has created an empty database on the server, but the ACM user that will create the tables and objects in the database has not been createdACM database and all necessary objects exist. This user will be unable to perform database updates via ACM Monitor and unable to execute database updates during a new install or ACM Upgrade.

1. Create a login on the server level per corporate requirements (username, password, password policy etc).

2. On the “User Mapping” tab, :

   1. map Check the new login checkbox next to the appropriate ACM database and

   2. make Make sure the default schema is “dbo”.

   3. Check the db_datareader, db_datawriter and public database following roles in the “Database membership roles” box below the “Users Mapped”.

   On

   1. Mapped to this login” label

      1. db_datareader

      2. db_datawriter

      3. public

3. Select the “Securables” tab:.

4. with

   With the server

   selected

   highlighted, select the “Grant” checkbox next to “View server state”.

5. Click OK.

6. Refresh the “Security/Users” folder in the ACM database,

7. Right click the user you just created and choose “Properties”.

8. Select the “Securables” tab.

9. Add the other ACM required permissions for the Bulk Manager and Archive Management processes:

   1. Click the “Search” button

   2. Choose the “Specific Types” option

   3. Click OK

   4. Search for Object types “Tables”

   5. Click the “Browse” button

   6. Select the following tables:

      1. EdgeEFMConfigurationErrors

      2. tblArchiveStaging

      3. tblCommStatsStaging

      4. tblDailySummary

      5. tblHourlySummary

      6. tblItemStaging

      7. tblPubStaging

   7. Click “OK”

   8. For each table, check the “Grant” checkbox next to the “Alter” permission.

   9. Click OK.