Database access rights
SafeGuard Enterprise is set up in such a way that, to work with the SQL database, it only needs a single user account with minimum access rights for the database.
The SafeGuard Enterprise Database can either be created manually or automatically during first-time configuration in the SafeGuard Management Center. If it is created automatically, extended access rights for the SQL database (db_creator) are needed for the first SafeGuard Management security officer. However, these rights can be revoked afterwards by the SQL administrator until the next install/update.
While SafeGuard Enterprise is running, a single SafeGuard Management Center security officer only needs read/write permission for the SafeGuard Management Center Database.
If extending permissions during SafeGuard Management Center configuration is undesirable, the SQL administrator can generate the SafeGuard Enterprise Database with a script. The two scripts included in the product delivery, CreateDatabase.sql and CreateTables.sql, can be run for this purpose.
The following table shows the necessary SQL permissions for Microsoft SQL Server.
|
SQL Server |
Access Right |
|---|---|
|
Create database |
|
|
Server |
db_creator |
|
Master database |
None |
|
SafeGuard Enterprise Database |
db_ownerpublic (default) |
|
Use database |
|
|
Server |
None |
|
Master database |
None |
|
SafeGuard Enterprise Database |
db_datareader db_datawriter public (default) |