Forum / Devolutions Password Server - Support

Creating domain users in database manually

  • Create an Issue
  • Cancel

Devolutions Team,
Due to internal security policies we will not allow the auto creation of account in the database..
Could you please provide the steps to add user and set permissions in SQL 2012 SP2?


Thanks,
Sam

Clock4 yrs

Hello,

You can create each user from the DVLS console. They will get all permissions needed in your SQL Server.

Best regards,



Érica Poirier

signaturesignature

Clock4 yrs

Hello Erica,

We are authenticating with our domain and we do NOT have the "Auto Create domain users in database" checked. So therefor DVLS is not creating the users that are added in the DVLS console.

Please let me know.
Sam

Clock4 yrs

Hello Sam,

Please consult our online help on User Management.

You will then be able to create your domain users from the DVLS console.

In the Authentication type field, please select Domain and in the login field, type in the correct DOMAIN\USERNAME.
2016+03+10+13+57+41


Best regards,



Érica Poirier

signaturesignature

2016-03-10_13-57-41.png
Clock4 yrs

Hi Erica,
ok... I'm not communicating this well enough. Let me try again.
Online Help > How-To > How to Configure Devolutions Server to use integrated security > How to Grant Access to SQL Server instance
Per this section above, under the permissions section.. there is this statement....
"For instance you could decide to not allow to create administrators through the instance, but only through a direct SQL connection. Please contact us to discuss these scenarios."
I'm contacting you to discuss this... I've been a solid local RDM users for 6+ years. We are trying out the DVLS, but our DBA team will not allow auto account creation in SQL. Part of this is due to our SQL design, we have a SQL clustered environment and the access has to be granted on each of the SQL nodes. We can only directly grant permissions to the SQL instance from inside the SQL mgmt. console.
What is the procedure to manual grant a domain user for the DVLS SQL instance?
I look forward for a response.
Best Regards,
Sam

Clock4 yrs

Hello,

The end users should NOT have access to the DB, there is a single identity that is used to connect to the DB, its either the account you've specified in the DB tab of the instance, or the application pool identity if you've checked "integrated security"

The paragraph you mention could be a lot clearer and I'll add this to our list of topics to review. It discusses the possibility of creating administrators, which contradicts what I wrote in the first paragraph. It is not related to AD accounts but rather SQL Accounts. Lets just ignore it for now.

In summary, your end users should not be given access to the DB, only the identity of the DB Tab, or the application pool identity. If you use the SQL Profiler, you will see only that identity connecting to the DB.

Sorry about the documentation, it will be moved to a non-AD scenario.



Maurice Côté

signaturesignature

Clock4 yrs

gotcha.. Thanks for the clarification Maurice.

From that section I thought every user needed to be added in order to access the data that was stored in SQL.

Thanks!!!

Clock4 yrs