Security - SQL Server based Systems


ESdat offers the ability to control permissions using a User Name / Password combination, or using Windows Authentication.

 

The following levels of permission are provided with standard databases.

 

Database Owner (Unrestricted)

Role Membership: DBO

Only a few "power" users should have dbo access; most users would typically have Read/Write permissions (below).

 

DBO permissions are required to:

modify any of the lookup tables;

set projects as inactive (or back to active);

do any tasks under the top section of the ESdat Setup menu;

customize the database schema, such as editing output views, tables or fields;

allocate permissions to users with Read-Only permissions.

 

 

Read/Write

Role Membership: db_datareader, db_datawriter, ESdat_APP_REQUIREMENTS

Users with Read/Write permissions can select which sites they will have access to.  Therefore they are able to access any site in the database.

Edits can only be made to sites which they have granted themselves access to, and which have active projects.

Can’t make themselves an owner of a Chemistry Profile, although they can create an additional Chemistry Profile and will automatically be an owner.

Can't modify Chemistry Settings under zRef_Chemistry_Lookup_Profiles, unless they are the owner of the profile

Can't edit Environmental Standards, unless they are the person who added them.

Can't change settings in the top section of the Setup Menu.

 

Read Only

Role Membership: ESdat_READ_ONLY, ESdat_APP_REQUIREMENTS

Users with Read Only permissions can only see the sites for which they have permission, as assigned by a database owner.

Can't see anything under "Data Tables".  Can only use standard views under the Data-Type buttons.

 

Variations

If required, additional restrictions or permissions can be implemented using standard SQL Server functionality.  All security is implemented within the database, and no additional security is provided through the ESdat application.  This prevents users from bypassing security by entering the database connection information into other applications.
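
Because all permissions live in the database, the three levels above can be audited with the standard SQL Server catalog views. The query below is an added example, not part of the ESdat documentation or product: it classifies each database user by the role memberships listed on this page and flags any combination that matches none of them. Treating "DBO" as membership of the db_owner fixed role is an assumption.

```sql
-- Added example: run inside the ESdat database as a user who can view
-- database principals. Role names are those listed on this page.
-- Assumption: "Role Membership: DBO" means the db_owner fixed role.
WITH membership AS (
    SELECT
        u.name      AS user_name,
        u.type_desc AS principal_type,
        MAX(CASE WHEN r.name = 'db_owner'               THEN 1 ELSE 0 END) AS is_owner,
        MAX(CASE WHEN r.name = 'db_datareader'          THEN 1 ELSE 0 END) AS is_reader,
        MAX(CASE WHEN r.name = 'db_datawriter'          THEN 1 ELSE 0 END) AS is_writer,
        MAX(CASE WHEN r.name = 'ESdat_READ_ONLY'        THEN 1 ELSE 0 END) AS is_read_only,
        MAX(CASE WHEN r.name = 'ESdat_APP_REQUIREMENTS' THEN 1 ELSE 0 END) AS is_app,
        COUNT(r.principal_id)                                              AS role_count
    FROM sys.database_principals AS u
    LEFT JOIN sys.database_role_members AS drm
           ON drm.member_principal_id = u.principal_id
    LEFT JOIN sys.database_principals AS r
           ON r.principal_id = drm.role_principal_id
    WHERE u.type IN ('S', 'U', 'G')   -- SQL users, Windows users, Windows groups
      AND u.name NOT IN ('guest', 'INFORMATION_SCHEMA', 'sys')
    GROUP BY u.name, u.type_desc
)
SELECT
    user_name,
    principal_type,
    CASE
        WHEN is_owner = 1
            THEN 'Database Owner (Unrestricted)'
        WHEN is_reader = 1 AND is_writer = 1 AND is_app = 1 AND is_read_only = 0
            THEN 'Read/Write'
        WHEN is_read_only = 1 AND is_app = 1 AND is_reader = 0 AND is_writer = 0
            THEN 'Read Only'
        WHEN role_count = 0
            THEN 'No role membership'
        ELSE 'NON-STANDARD: review'
    END AS esdat_level
FROM membership
ORDER BY
    -- Owners first (there should be only a few), then non-standard combinations.
    CASE WHEN is_owner = 1 THEN 0 ELSE 1 END,
    esdat_level,
    user_name;
```

The query reads direct role memberships only: roles nested inside other roles and the individual members of a Windows group are not expanded, and members of the server-level sysadmin role have unrestricted access regardless of what is listed here.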

 

Documentation of Roles provided with ESdat

Documentation of these security roles used to implement permissions would be of interest to users attempting to bypass security.  Therefore the documentation is not provided in electronic form.  The documentation may be provided upon request and at our discretion and will be in hard-copy format which must not be stored electronically or further distributed.