Database access rights

SafeGuard Enterprise is set up in such a way that, to work with the SQL database, it only needs a single user account with minimum access rights for the database. This user account is used by the SafeGuard Management Center and is only issued to the first SafeGuard Management Center security officer. This guarantees the connection to the SafeGuard Enterprise Database. While SafeGuard Enterprise is running, a single SafeGuard Management Center security officer only needs read/write permission for the SafeGuard Management Center Database.

The SafeGuard Enterprise Database can either be created manually or automatically during first-time configuration in the SafeGuard Management Center. If it is created automatically, extended access rights for the SQL database (db_creator) are needed for the first SafeGuard Management security officer. However, these rights can be revoked afterwards by the SQL administrator until the next install/update.

If extending permissions during SafeGuard Management Center configuration is undesirable, the SQL administrator can generate the SafeGuard Enterprise Database with a script. The two scripts included in the product delivery, CreateDatabase.sql and CreateTables.sql, can be run for this purpose.

The following table shows the necessary SQL permissions for Microsoft SQL Server.

SQL Server 2012, SQL Server 2012 Express Access Right
Create database
Server db_creator
Master database None
SafeGuard Enterprise Database db_ownerpublic (default)
Use database
Server None
Master database None
SafeGuard Enterprise Database db_datareader

db_datawriter

public (default)