All information contained herein is considered proprietary and confidential. Any unauthorized disclosure or use is prohibited.

Background

To provide maximum flexibility and integration into existing systems, ACM utilizes a Microsoft SQL database to store device configurations, polling statistics, and collected EFM data.

Because SQL Server installations may be managed by independent DBA teams tasked with minimizing security risks, it is necessary to describe the security permissions required for normal operation of ACM.

To Perform ACM Database Create/Updates:

The following instructions assume a DBA has created an empty database on the server, but the ACM user that will create the tables and objects in the database has not been created. This page provides instructions to create two different types of users in SQL Server for ACM. One user has only the permissions required for ACM to run; the other has the permissions required for ACM to run and permissions to create and modify ACM database objects.


Non-privileged User

These instructions detail the minimum permissions required for all ACM services to interact with the database. They assume the ACM database and all necessary objects exist. This user cannot perform database updates via ACM Monitor nor can they execute database updates during a new install or ACM Upgrade.

  1. Create a login on the server level per corporate requirements (username, password, password policy, etc.).

  2. On the “User Mapping” tab:

    1. Check the checkbox next to the appropriate ACM database.

    2. Make sure the default schema is “dbo”.

    3. Check the following roles in the “Database membership roles” box below the “Users Mapped to this login” label:

      1. db_datareader

      2. db_datawriter

      3. public

  3. Select the “Securables” tab.

  4. With the server highlighted, select the “Grant” checkbox next to “View server state”. (This permission allows the user to view the Database Statistics in ACM.)

  5. Click OK.

  6. Refresh the “Security/Users” folder in the ACM database.

  7. Right-click the user you just created and choose “Properties”.

  8. Select the “Securables” tab.

  9. Add the other required permissions for the Bulk Manager and Archive Management processes:

    1. Click the “Search” button.

    2. Choose the “Specific Types” option.

    3. Click OK.

    4. Search for Object types “Tables”.

    5. Click the “Browse” button

    6. Select the ACM database you are working with

    7. Click “OK”. The database will show up in the “Securables” grid.

    8. Select the following tables:

      1. EdgeEFMConfigurationErrors

      2. tblArchiveStaging

      3. tblCommStatsStaging

      4. tblDailySummary

      5. tblHourlySummary

      6. tblItemStaging

      7. tblPubStaging

    9. Click “OK”

    10. For each table, check the “Grant” checkbox next to “Control”.
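The same non-privileged setup expressed as T-SQL, as an added example that is not part of the original page or the ACM product. The login name `acm_service`, the database name `ACM`, the password placeholder and the assumption that the listed tables live in the `dbo` schema are all hypothetical; substitute your own values.

```sql
-- Added example: non-privileged ACM user (names below are placeholders).
USE [master];
GO
-- Step 1: server-level login, password policy enforced per corporate rules.
CREATE LOGIN [acm_service]
    WITH PASSWORD = N'<set-per-corporate-policy>', CHECK_POLICY = ON;
-- Step 4: lets ACM display its Database Statistics view.
GRANT VIEW SERVER STATE TO [acm_service];
GO

USE [ACM];   -- assumed name of the ACM database
GO
-- Step 2: map the login into the database with default schema dbo.
CREATE USER [acm_service] FOR LOGIN [acm_service]
    WITH DEFAULT_SCHEMA = [dbo];
ALTER ROLE [db_datareader] ADD MEMBER [acm_service];
ALTER ROLE [db_datawriter] ADD MEMBER [acm_service];
-- Every database user is a member of public automatically.

-- Step 9: table-scoped CONTROL for Bulk Manager and Archive Management.
-- The grant is limited to these seven objects, not the whole database.
GRANT CONTROL ON OBJECT::[dbo].[EdgeEFMConfigurationErrors] TO [acm_service];
GRANT CONTROL ON OBJECT::[dbo].[tblArchiveStaging]          TO [acm_service];
GRANT CONTROL ON OBJECT::[dbo].[tblCommStatsStaging]        TO [acm_service];
GRANT CONTROL ON OBJECT::[dbo].[tblDailySummary]            TO [acm_service];
GRANT CONTROL ON OBJECT::[dbo].[tblHourlySummary]           TO [acm_service];
GRANT CONTROL ON OBJECT::[dbo].[tblItemStaging]             TO [acm_service];
GRANT CONTROL ON OBJECT::[dbo].[tblPubStaging]              TO [acm_service];
GO
```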

Minimum Permissions to run ACM (but not update the database schema)

...

    1. the “Alter” permission.

    2. Click OK.

Privileged User

These instructions include the minimum permissions required to perform ACM database updates and run ACM services. They assume an empty database has already been created on the server, but the ACM user that will create the tables and objects in the database has not been created.

  1. Create a login on the server level per corporate requirements (username, password, password policy, etc.).

  2. On the “User Mapping” tab:

    1. Check the checkbox next to the appropriate ACM database.

    2. Make sure the default schema is “dbo”.

    3. Check the following roles in the “Database membership roles” box below the “Users Mapped to this login” label:

      1. db_datareader

      2. db_datawriter

      3. public

  3. Select the “Securables” tab.

  4. With the server highlighted, select the “Grant” checkbox next to “View server state”. (This permission allows the user to view the Database Statistics in ACM.)

  5. Click OK.

  6. Refresh the “Security/Users” folder in the ACM database.

  7. Right-click the user you just created and choose “Properties”.

  8. Select the “Securables” tab.

  9. Add the “Control” permission for the ACM database:

    1. Click the “Search” button

    2. Choose the “Specific Types” option.

    3. Click OK.

    4. Search for Object types “Database”

    5. Click the “Browse” button

    6. Select the ACM database you are working with

    7. Click “OK”. The database will show up in the “Securables” grid.

    8. With the database securable selected, check the “Grant” checkbox next to “Control”.

  10. Click OK
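The privileged setup as T-SQL, followed by review queries a DBA can run to confirm what each ACM account actually holds. This is an added example, not code from the original page or the ACM product; the names `acm_admin`, `acm_service` (the non-privileged account) and `ACM` are hypothetical placeholders.

```sql
-- Added example: privileged ACM user plus a permission review.
USE [master];
GO
CREATE LOGIN [acm_admin]
    WITH PASSWORD = N'<set-per-corporate-policy>', CHECK_POLICY = ON;
GRANT VIEW SERVER STATE TO [acm_admin];
GO
USE [ACM];   -- assumed name of the ACM database
GO
CREATE USER [acm_admin] FOR LOGIN [acm_admin] WITH DEFAULT_SCHEMA = [dbo];
ALTER ROLE [db_datareader] ADD MEMBER [acm_admin];
ALTER ROLE [db_datawriter] ADD MEMBER [acm_admin];
-- Step 9: CONTROL at database scope implies every other permission
-- in this database, including creating and altering objects.
GRANT CONTROL ON DATABASE::[ACM] TO [acm_admin];
GO

-- Review 1: database role memberships of both ACM accounts.
SELECT m.name AS member_name, r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name IN (N'acm_service', N'acm_admin');

-- Review 2: explicit database and object grants. The non-privileged account
-- should show CONTROL only on the seven listed tables (class OBJECT_OR_COLUMN);
-- the privileged account shows CONTROL with class DATABASE.
SELECT pr.name AS principal_name, pe.class_desc, pe.permission_name,
       pe.state_desc,
       CASE WHEN pe.class = 1
            THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id)
            ELSE DB_NAME() END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'acm_service', N'acm_admin')
ORDER BY pr.name, pe.class_desc, securable;

-- Review 3: server-level grants (expect VIEW SERVER STATE and CONNECT SQL).
SELECT sp.name AS login_name, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS sp ON sp.principal_id = pe.grantee_principal_id
WHERE sp.name IN (N'acm_service', N'acm_admin');
```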