Additional considerations

In order for Bravura Security Fabric to create a new Windows User login for SQL Server, the user must have an account in the corresponding Windows domain. Bravura Security Fabric includes rules to ensure that when an Active Directory template and an SQL server template are selected as part of the same request, the Active Directory account is created first.

It is highly recommended that you configure Bravura Security Fabric so that users cannot select an SQL Server template without also selecting an Active Directory template, or without already owning an Active Directory account.

For example, the IDWFM REQUEST REWRITE PLUGIN can be used to validate requests when the "postselect_template" key-value is present. If the recipient does not have the Active Directory account or the Active Directory account is not present in the request, then the plugin can deny the request or modify it to include the template.