
Preparation

Before Bravura Security Fabric can manage application accounts in a SQL Server database, you must:

  1. Install the client software.

  2. Define a server alias (optional).

  3. Configure a target system administrator.

  4. Create at least one template account to provision accounts for this target.

  5. Write a script to configure connector behavior.

Installing client software

Bravura Security Fabric communicates with the SQL Server via the TDS protocol. Before you can target the SQL Server, you must install and configure the SQL Server client software (connectivity only), version 2005 Service Pack 3, 2008, or 2012, on the Bravura Security Fabric server.

Consult the documentation included with your SQL Server client software for more information.

Defining a server alias

Optionally, you can use the SQL Server Client Network Utility to define a server alias for the SQL Server to which Bravura Security Fabric will connect. You can then set the Bravura Security Fabric target system address to use this alias. Alternatively, if you don’t want to define an alias, you can target the SQL Server using its original server name.

Steps for defining an alias vary depending on your version of the software. Ensure that you specify the TCP/IP protocol in the configuration.

Configuring a target system administrator

Bravura Security Fabric uses a designated account (for example, psadmin) on the SQL Server target system, or a Domain account login (for example, MYAD\admin), to perform operations. The target system administrator requires privileges on the SQL Server back-end database that allow it to execute the SQL commands used in the script you write.

Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the SQL Server target system to Bravura Security Fabric.

Creating a template account

Bravura Security Fabric uses template accounts as models or "blueprints" for creating new SQL Server accounts.

The steps required to create a template account depend on your application. Consult your systems administrator or application documentation for more information.

To learn how to create a template for SQL Server database-level accounts, see Creating a template account.

Writing a script to configure connector behavior

You write a script file to define SQL commands used in the interaction between the agtsqlscript connector and the SQL Server database. A sample script, agtsqlscript.cfg, is contained in the samples directory. Note that any sample script may need customizations in order to work with your system.

Learn about writing script files for SQL application connectors.

Using Transactions

A script for targeting a SQL Server hosted application can use transactions to commit work only if all SQL statements are successful.

A key-value of "usetransaction" enables or disables the use of transactions. The key-value "usetransaction" is available to each operation KVGroup and is either true or false.

For example:

   "m-tech:agents:sqlscript" "1.1" = {
     "operation" "reset" = {
       ...
       "usetransaction" = "true"
       ...
     }
     ...
   }

Executing SQL statements at block level

When an operation contains multiple SQL blocks and the connector encounters an error in one of them, it can continue to run the following SQL blocks if "proceedblocks" is enabled. By default this is disabled.

This flag only applies to operations that make changes, which include: rename, updatesubscriber, change, verifyreset, reset, lock, unlock, enable, disable, resetexpirepw, expirepw, unexpirepw, expireacct, unexpireacct, delete, groupuseradd, groupuserdelete, groupgroupadd, groupgroupdelete.

A key-value of "proceedblocks" enables or disables proceeding at block level. The key-value "proceedblocks" is available to each operation KVGroup and is either true or false.

For example:

   "m-tech:agents:sqlscript" "1.1" = {
     "operation" "delete" = {
       ...
       "proceedblocks" = "true"
       ...
     }
     ...
   }
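
The effect of "usetransaction" and "proceedblocks" on a multi-block operation whose second block fails can be seen in a small model. This is an added example, not Bravura code or the connector's implementation: it uses Python's sqlite3 in place of SQL Server, and the table, the SQL blocks and the run_operation function are constructed for illustration.

```python
import sqlite3

# Constructed sample data: a hypothetical application account table.
SCHEMA = """
CREATE TABLE app_users (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL,
                        locked INTEGER NOT NULL);
INSERT INTO app_users VALUES ('jdoe', 'old-hash', 1);
"""

# Constructed "reset" operation with three SQL blocks. The second block
# fails because the pw_history table does not exist.
RESET_BLOCKS = [
    "UPDATE app_users SET pw_hash = 'new-hash' WHERE login = 'jdoe'",
    "INSERT INTO pw_history (login, pw_hash) VALUES ('jdoe', 'new-hash')",
    "UPDATE app_users SET locked = 0 WHERE login = 'jdoe'",
]

def run_operation(blocks, usetransaction=False, proceedblocks=False):
    """Model one operation; return (succeeded, (pw_hash, locked) for jdoe)."""
    # isolation_level=None: autocommit, so BEGIN/COMMIT/ROLLBACK are explicit.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript(SCHEMA)
    errors = 0
    if usetransaction:
        db.execute("BEGIN")
    for sql in blocks:
        try:
            db.execute(sql)
        except sqlite3.Error:
            errors += 1
            if not proceedblocks:
                break  # default: stop at the first failing block
    if usetransaction:
        # Commit only if every statement succeeded. How the connector
        # combines both flags is not stated on this page; rolling back
        # on any error here is an assumption of this model.
        db.execute("ROLLBACK" if errors else "COMMIT")
    row = db.execute(
        "SELECT pw_hash, locked FROM app_users WHERE login = 'jdoe'"
    ).fetchone()
    db.close()
    return errors == 0, row

if __name__ == "__main__":
    for flags in ({}, {"usetransaction": True}, {"proceedblocks": True}):
        print(flags, run_operation(RESET_BLOCKS, **flags))
```

With neither flag the password changes but the account stays locked; with "usetransaction" the row is left untouched; with "proceedblocks" alone the later block still runs, so the operation reports failure while the account has been changed and unlocked.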