Windows Domain Groups for ALS Users

<< Click to Display Table of Contents >>

Navigation:  Administration and Configuration > User Administration >

Windows Domain Groups for ALS Users

Setting up the Application Level Security Role

Setting up LDAP Users for Use in Enterprise

 

This article explains using Windows Domain Groups with Enterprise 7 Application Level Security (ALS) in SQL Server and setting up Lightweight Directory Access Protocol (LDAP) users for access in Enterprise.

 

Note: Enterprise must already be configured for LDAP authentication. See the LDAP Authentication for Enterprise article for more information.

 

 

Setting up the Application Level Security Role

 

1.Set up the Windows Domain Group(s) and add associated group members.

2.In SQL Server Management Studio, add each domain group and apply its appropriate read/write and/or read only SQL permissions.

3.Log in to Enterprise 7 and navigate to the Administrator Dashboard and Role Manager Widget.

4.Select New Role from the Role Manager Widget.

5.Enter a Name for the role that matches the name of the Windows Domain group for best association with the SQL permission set.

6.Additional information on the role can be provided in the Remark section.

7.For the ALS Connection String, use the Trusted Connection connection type:
Server=myServerAddress;Database=myDataBase;Trusted_Connection=True;

8.Add the appropriate Enterprise 7 permissions using the Permissions Manager on the right-hand side of the New Role window.

9.Click Save.

10.Repeat Steps 1-9 for each additional Role.

 

Setting up LDAP Users for Use in Enterprise

 

After creating the roles, set up the users in Enterprise and associate the ALS role with the user account. Only one ALS Role should be active per user account.

 

1.Return to the Administrator Dashboard.

2.On the User Manager Widget, select New User.

3.The Enterprise 7 username must match the Windows Domain login (i.e., Domain\Username).

4.The password field will only be used for authenticating user credentials when submitting EDDs via Enterprise. It does not have to match the Windows Domain password, however, the user will need to know it to submit EDDs.

5.Fill out the remainder of the Account Information and Contact Information, and set the account Status to Active if the account will be immediately active.

6.On the Role Manager section of the New User GUI, find the ALS role set up in the first section of the article. ALS roles will have the EQuIS Globe in the second column. To assign a role, click on the last column in the Role Manager for the ALS role to be used.

7.Additional permissions may be set using the permission manager below the Role Manager of the New User GUI.

8.Click Save.

9.Repeat Steps 1-8 for each new user.