Windows Domain Groups for ALS Users
Copyright © 2019 EarthSoft, Inc • Modified: 12 Nov 2019
This article walks you through the use of Windows Domain Groups with Enterprise 7 Application Level Security (ALS) in SQL Server.
1.Set up the Windows Domain Group(s) and add associated group members.
2.In SQL Server Management Studio, add each domain group and apply its appropriate read/write and/or read only SQL permissions.
3.Log in to Enterprise 7 and navigate to the Administrator Dashboard and Role Manager Widget.
4.Select New Role from the Role Manager Widget.
5.Enter a Name for the role that matches the name of the Windows Domain group for best association with the SQL permission set.
6.Additional information on the role can be provided in the Remark section.
a.For the ALS Connection String, use the Trusted Connection connection type: Server=myServerAddress;Database=myDataBase;Trusted_Connection=True;
7.Add the appropriate Enterprise 7 permissions using the Permissions manager on the right-hand side of the New Role window.
9.Repeat Steps 1-9 for each additional Role.
After creating the roles, set up the users in Enterprise and associate the ALS role with the user account. Only one ALS Role should be active per user account.
1.Return to the Administrator Dashboard.
2.On the User Manager Widget, select New User.
3.The Enterprise 7 username must match the Windows Domain login (i.e. Domain\Username).
4.The password field will only be used for authenticating user credentials when submitting EDDs via Enterprise. It does not have to match the Windows Domain password, however, the user will need to know it to submit EDDs.
5.Fill out the remainder of the Account Information and Contact Information, and set the account Status to Active if the account will be immediately active.
6.On the Role Manager section of the New User GUI, find the ALS role set up in the first section of the article. ALS roles will have the EQuIS Globe in the second column. To assign a role, click on the last column in the Role Manager for the ALS role to be used.
7.Additional permissions may be set using the permission manager below the Role Manager of the New User GUI.
9.Repeat Steps 1-8 for each new user.