Granular permissions for the SQL Server and database
To implement a One Identity Manager database or a One Identity Manager History Database on a SQL Server or a managed instance in Azure SQL Database, you are provided with SQL Server logins and database users for administrative users, configuration users and end users. Permissions at server and database level are matched to suit the user's tasks.
Normally, you cannot edit users and permissions. It may be necessary to set up an additional database user to use a One Identity Manager History Database.
For more information about users and their permissions, see the One Identity Manager Installation Guide. and the One Identity Manager Data Archiving Administration Guide.
Related topics
Displaying database server logins
To display login information
-
In the Designer, select the Base data > Security settings > Database server permissions > Database server login category.
-
Select the database server login. The following information is displayed:
-
Login name: The user's SQL Server login.
-
Database server login: Type of database user.
-
Access level: The access level for logging in. The access levels displayed are End user, Configuration user, Administrative user, System administrator, and Unknown.
-
To show the database roles and server roles that are assigned, select the Database or server role tab.
Displaying users' access levels
NOTE:
-
If you select an existing database connection in the connections dialog, the access level of the login to be used is shown in a tooltip.
-
Some user interfaces expect configuration user permissions at least. Logging in as an end user is not possible in this case.
To find the access level of the logged in user
-
To display user information, double-click the icon in the program status bar
On the System user tab, in the SQL access level field, you will see the access level for the current login. The access levels displayed are End user, Configuration user, Administrative user, System administrator, and Unknown.
Related topics
Displaying server roles and database roles permissions
Server and database permissions are predefined and cannot be modified.
NOTE: The End user role database role is permitted for custom schema extensions.
To display server and database permissions
-
In the Designer, select server role or the database role in the Base data > Security settings > Database server permissions > Database server login category.
This opens the List Editor showing a list of permissions.