Skip to main content

Preparation

Before Bravura Security Fabric can manage database-level accounts on SQL Server, you must:

  1. Install the client software.

  2. Configure a target system administrator.

  3. Create at least one template account

Alternatively, you can grant access by Windows group membership, in which case you can skip the above requirements.

Installing client software

Bravura Security Fabric communicates with the SQL Server server via the TDS protocol. Before you can target the SQL Server, you must install and configure the SQL Server 2005 Service Pack 3, or 2008, client software (connectivity only) on the Bravura Security Fabric server.

Consult the documentation included with your SQL Server client software for more information.

Defining a server alias

Optionally, you can define a server alias for the SQL Server server that Bravura Security Fabric will connect to. You can then set the Bravura Security Fabric target system address to use this alias. Alternatively, if you don’t want to define an alias, you can target the SQL Server using its original server name.

Steps for defining an alias vary depending on your version of the software. Ensure that you specify the TCP/IP protocol in the configuration.

Configuring a target system administrator

Bravura Security Fabric uses a designated account (for example, psadmin) on the SQL Server target system, or a Domain account login (for example, MYAD\admin) to perform operations.

Assign the target system administrator the System Administrators (sysadmin) server role. Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the SQL Server target system to Bravura Security Fabric .

Creating a template account

Bravura Security Fabric uses template accounts as models or "blueprints" for creating new SQL Server accounts. This section provides examples to illustrate how you can create a template account on your SQL Server server.

Login types

The types of logins are as follows:

Creating a template account for a Windows User login

Use the following procedure to grant a Windows user account access to a SQL Server system. See your SQL Server system administrator or SQL Server documentation for more information if required.

To create a template account for a Windows user:

  1. Start SQL Server Enterprise Manager.

  2. Expand Console Root > Microsoft SQL Servers > <server group> > <server name> > Security.

    Where <server name> is the name of the SQL Server target system, and <server group> is the server group to which the target belongs.

  3. Right-click Logins, then select New Login.

    The SQL Server Login Properties - New Login window displays.

  4. Select the General tab if it does not have focus.

  5. Ensure the Windows Authentication method is selected.

  6. In the Name field, type the Windows user ID for the account being used as the template, or click the Browse button to the right of the field and select the user ID.

    The Windows Authentication Domain automatically completes depending on what is entered in the Name field.

  7. For Security access, ensure the Grant access radio button is selected.

  8. The Default database is already set, but if required, you can change it to a database of your choice.

  9. Select the Server Roles tab and assign the appropriate server roles in the Server Roles list box.

  10. Click the Database Access tab and assign the individual databases to which the template should have access.

  11. In the Permit in Database Role list box, select the appropriate permissions.

  12. Click OK.

Creating a template account for a Standard login

Use the following procedure to create a standard user account on an SQL Server system. See your SQL Server system administrator or SQL Server documentation for more information.

To create a template account for a Standard user:

  1. Start SQL Server Enterprise Manager.

  2. Expand Console Root > Microsoft SQL Servers > <server group> > <server name> > Security.

    Where <server name> is the name of the SQL Server target system, and <server group> is the server group to which the target belongs.

  3. Right-click Logins, then select New Login.

    The SQL Server Login Properties - New Login window displays.

  4. Select the General tab if it does not currently have focus.

  5. In the Name field, type a Standard user ID.

  6. For Authentication, select SQL Server Authentication.

    You are prompted to assign a password.

  7. Type a password of your choice in the Password field and press Enter.

    You are prompted to confirm the password.

  8. For Security access, ensure the Grant access radio button is selected.

  9. The Default database is already set, but if required, change it to a database of your choice.

  10. Click the Server Roles tab and assign the appropriate server roles using the Server Roles list box.

  11. Click the Database Access tab and assign the individual databases to which the template should have access.

  12. In the Permit in Database Role list box, select the appropriate permissions.

  13. Click OK.

Granting access by Windows group membership

If you are running an SQL Server in either mode, but prefer to manage the SQL Server access by Windows group membership, you can do the following:

  1. Create a Windows server or Active Directory group for users that require access to the SQL Server database(s).

  2. Create a template account on the appropriate Windows server or Active Directory target system.

  3. Ensure that the template user is a member of the designated group.

Grant the newly created group access to the server by following the procedure in Creating a template account for a Windows User login . In Step 6, replace the template ID with the group name.

When a new user is created from a template user, the new user becomes a member of the group and is granted access to the SQL Server.

In this section: