SQL Server 2000 and AccuMark
SQL Server 2000 and AccuMark
SQL Server 2000 and AccuMark
This document illustrates how Microsoft SQL-Server2000 can be used with AccuMark Family Professional Edition software (MSDE/SQL is not supported on AccuMark Advanced Edition) to allow AccuMark users to create storage areas and to access them. While all permissions below can be defined for single users, it is highly suggested to define a Group of users to reduce administrative workload. The example below defines only one User Group, giving all users the same access to all storage areas. Using the same procedure to define multiple User Groups assigning different access permissions for users or for storage areas. On most networks AccuMark users will be defined as standard Users (with no Administration rights). By default, such users are not able to create new databases on an SQL-server 2000 (databases are where the AccuMark storage area data is stored). User and Group Management A user account is a collection of information that tells Windows which user rights and access permissions a user has on a computer. A group is a collection of user accounts, computers, contacts or other user groups. By adding a user account to a group, you can avoid having to grant the same access and permission to many different users one by one. Members of a group can make the same types of changes to settings and have the same access to folders, printers, and other network services. Many companies use network domains and have an IT department that will be the ones who have the ability to create groups and users. The instructions below will describe how to set up groups and users for access to AccuMark storage areas. The person creating the groups and users must have administrative permissions. These sections describe how to create groups and assign users to these groups on Windows XP and Windows Vista systems. It assumes the users already exist on this system or a domain server and can be accessed from this server. You must create the User Groups first and then specify in SQL Server where and how these users and groups will have access to the AccuMark data.
1 Page 1 of 18
The User Group will need to be created on the server that will has SQL Server installed for access to the storage areas on that server. The process below describes how to create on the server in User Management a User Group containing all AccuMark users NOTE: the instructions below show how to create user groups for Windows XP and Windows Vista (Windows 2000 will no longer be supported for use with AccuMark starting with version 8.3). MSDE and SQL Server 2000 can be used on Windows XP, however MSDE is not supported on Vista. For information on using Windows XP or Vista and SQL 2005 Server or Express, please refer to the document SQL Server 2005 and AccuMark.doc Creating User Groups on Windows XP: These instructions are based on using the Category View. Select Start, Control Panel. Select User Accounts from the Category Select user Accounts from the Control Panel icon section In the Users Accounts dialog, select the Advanced tab and then the Advanced button
2 Page 2 of 18
Highlight the Groups entry in the left window. Place the mouse in the right side of the window pane, right-click and select New Group
Type in the name of the new group. In this example, the UserGroup is called AM-SQLUsers. Enter an optional description Select the Add button
3 Page 3 of 18
From the From this location drop-down list select the Locations button to access the server or domain where the users you would like to add to the AMSQL-Users group exist. Select the Advanced button. Select the Find Now button to get a list of user names from this location.
Highlight one or more users and select the OK Button (use the ctrl or shift keys to select more than one).
4 Page 4 of 18
You can choose another domain to add additional users or select Ok to finish. Select the Create button to complete the creation of this new group. Select close to close the dialog windows. The new group should now appear in the list for Local Users and Groups.
2. In the left pane of Microsoft Management Console, click Local Users and Groups.
4. Click OK. 3. Double-click the Groups folder. 4. Right-click the group you want to add the user account to, and then click Add to Group. 5. Click Add, and then type the name of the user account. 6. Click Check Names, and then click OK.
Note: To help make your computer more secure, add a user to the
Administrators group only if it is absolutely necessary. Users in the Administrators group have complete control of the computer. They can see everyone's files, change anyone's password, and install any software they want.
SQL Server User Management Setting Permissions for the Groups Define the Login for the AccuMark UserGroup in SQL Server Enterprise Manager On the server, open Microsoft SQL Server Enterprise Manager, Open in the Tree-windows (left side) the tree until you get to the SQL server that will contain the AccuMark storage areas (in this example: WEBPDMSPEC_BNL), Open the local SQL server to get the display of associated entries like Databases, Security,.. Open the Security item to get Logins displayed. Right-click on Logins and select to create a New Login:
6 Page 6 of 18
On the tab General, define the name by selecting via the lookup-button the UserGroup.
Select the tab : ServerRoles: Select (place checkmark) on Database Creators Save the new Login (OK button). The new Login will be listed in the right window.
Accumark users are now able to create new storage areas using this SQL-server. However, only the creator of the database will have access to the storage area.
7 Page 7 of 18
Setting Group Access Permission to AccuMark Storage Areas To allow other users access to a storage area on SQL-server, you need to give Access-permisison . There are 2 possibilities to define access for AccuMark Users : 1) Allow all users to access all databases = storage areas SQL-server 2000 allows to pre-define configuration values in the database model (never delete this database ), which is used as a template to create new databases, which is equivalent to a new storage area. This method can be used for SQL-servers, which are used only to store AccuMark data. If the customer is using the SQL-server also to store other data , then this method should not be used, since it will cause a security issue for the non-Accumark databases (please discuss this issue with the IT personal of the customer ) Note : it is required to define this before new storage areas are created ! Note : Users creating new storage areas are required to have MSDE or SQL-Express installed on their systems (see below) To configure default access to new Accumark storage areas : Use SQL-server 2000 Enterprise Manager, expand your SQL-server Expand Databases, Expand the database model, expand Users Right-click on Users and select New Database User Use the dropdown to select the User Group of AccuMark users.
8 Page 8 of 18
As Database role membership, please select (by placing a check-mark): - Public (should already be selected by default) - db_datareader - db_datewriter
All members of the Accumark Usergroup have now immediately access to any newly created database = storage area.
2) Manual assignment of access to all storage areas In cases where the customer can not allow to grant automatically access for all Accumark users to all new databases = Accumark storage areas (because the SQL-server is either used also to store other non-Accumark data or if the customer like to assign different access rights for storage areas for users by defining multiple Accumark usergroups ), then the User Administration of SQLserver 2000 can be used. Note : The storage area must first be created from an Accumark workstation, before Access permisisons can be assigned ! Note : Users creating new storage areas are required to have MSDE or SQL-Express installed on their systems (see below) To define the access to the storage areas, display the Login for the AccuMark users group (in this example : Am-SQL-Users) under Security Logins (by a double-click or Properties from the toolbar) : tab : Database Access:
9 Page 9 of 18
Select in the upper list the databases containing storage areas ( which must first have been created from an AccuMark workstation ) to be accessible by this usergroup by placing a checkmark. For EACH of these databases that will be used as AccuMark storage areas, you must select in the lower list as Database Role db_datawriter and db_datereader to allow the AccuMark applications to work with this storage area, by placing a check-mark on its entry
NOTE: if you select only db_datareader but not db_datawriter, then you have a read-only storage area, where users can view and read data, but are not able to update data or store new data. UserPerm Database The UserPerm database allows the AccuMark administrator to assign further permissions on a data item level. Thus the users must be granted db_datareader and db_datawriter rights to this UserPerm database so the AccuMark applications can read and write these extended permissions. For more details on restricting access on a data item level, see the document Read-Write Controls.pdf Select the UserPerm entry in the Database Access window and enable the db_datareader and db_datawriter permissions in the Database roles window.
10 Page 10 of 18
CAD Relational Database If you are using a CAD Relational Database (RDBMS) then db_datareader and db_datawriter permissions must be granted as well. Grant the Execute permission in order to be able to run the stored procedures that are used for the RDBMS. Other permissions may be needed when using the CAD relational database for WebPDM. Contact your WebPDM administrator for assistance. Granting Execute Permission to the CAD Relational Database Note: the CAD Relational database (RDBMS) must be named WebPDM when populating data for access by WebPDM applications. Otherwise the name for the RDBMS needs to conform to the same rules as for AccuMark storage area names. Open the SQL Server Enterprise Manager. Permission must be granted on each of the stored procedures that are used for AccuMark Family applications. The list below in the pictures reflects the currently used stored procedures for AccuMark Family V8.3.0. Other procedures may be added as needed by AccuMark hotfixes, service packs or later releases. The CAD relational database used in these examples is called rdbms. Method 1: Use the stored procedure to set permission to the group. Open database rdbms and double-click Stored Procedures to display a list of all stored procedures.
11 Page 11 of 18
Repeat for all AccuMark Family stored procedures: Select the first stored procedure (i.e. pGerCADCatID) and right-click and select properties.
12 Page 12 of 18
Select the user or group to grant permission to. Then enable by checking on the EXEC execute checkbox.
Select OK Continue to grant the execute permission to each of the AccuMark Family stored procedures. Method 2: Use the group or user to set the permission for the stored procedure. Open database rdbms and double-click Users to display a list of all users and groups.
13 Page 13 of 18
Select the group or user to apply permissions to. Right-click and select Properties.
14 Page 14 of 18
Enable by clicking on the EXEC column for each of the AccuMark Family stored procedures. Select OK to finish.
15 Page 15 of 18
Users creating new storage areas are required to have MSDE or SQLExpress installed on their systems When creating via Accumark Explorer a new storage area using SQL-server :
a script is processed to create the required tables inside the SQL-server database and to define the default Accumark data items :
16 Page 16 of 18
This requires on the systems creating the storage area the MSDE or SQLExpress to be installed. Attempting to create a storage area on a system without MSDE or SQL-Express will result into an error message (Error 1027), a database is created but not usable for Accumar data storage :
Note : MSDE or SQL-Express are only required to be installed on the systems creating a storage area, it is not required to have the database execute on such systems. To reduce workload on such systems, it is suggested to stop the database engine and to avoid future start-ups on local systems : - double-click on the SQL-symbol in the taskbar - Select Stop if the database engine is still running - un-check Auto-start service when OS starts - Close the SQL-Server Service Manager window
17 Page 17 of 18
Note : there is no need to install MSDE or SQL-Express on Accumark systsems accessing such SQL-based storage areas .
18 Page 18 of 18