Adding users and groups
I'm not sure on the correct procedure for adding users and groups. Groups I seem to be able to create with no trouble, but when I try to create a new user from within RDM and I get the message "Unable to save the user! User does not have permission to perform this action." So I tried to create the user in the database instead - but now when I go to edit the user in the list I get the message "Unable to add the user, no password specified!". I feel like chicken and egg - please point me in the right direction! Thanks :)
All Comments (4)
Hi,
The first error you got is because the user that you use to create the new user was not an administrator, is it possible ? Your SQL Server must be configured in Mixed Mode authentification. Also, for now, you can't use Windows Authentified users with the group management.
I just reproduced these step without any error:
1. Create a user (New Login) in SQL Management Studio with the SQL Server authentification
2. In RDM, I created a new user with the same name and password than before
3. I edited the user after that to be sure that it's work.
Can you try this or it's exactly what you did ?
David Hervieux
Devolutions inc.
David Hervieux
Hi David,
Many thanks for your prompt reply on a Saturday! I hadn't fully grasped the connection between the user accounts in SQL Server itself and the user accounts in RDP manager, but now that I have that clear, I have some new issues!
I have done the following:
1. I created a new SQL login for myself
2. I set owner permissions for that user on the RDM database
3. I deleted the old data store from my list completely and set up a new connection to the data store using the new user account to connect
4. I added myself to the list of users as an administrator (though what I gain from this I am not sure)
5. I cannot add additional users (that are also set up as logins in SQL Server with owner permissions on the RDM database) to the list. How can I maintain a list of users and groups as an administrator? Do I have to log in as the other users and set up their permissions for them before I can let the actual owners of those accounts log in?
Thanks,
Chris
Hi again,
You must be more than dbowner, you must be sysadmin in the SQL Server role. Usually, I use the user sa to create users, but If you grant the sysadmin role to your user, you will be able to create new users / login. You don't need to be sysadmin to create group in RDM because it's not related to the SQL security.
I hope this help
David Hervieux
Devolutions inc.
David Hervieux
That sorted it - thanks David! I tend to disable the SA account since it is more vulnerable to brute force attacks and malicious forces out in the wild. I cherry picked from the list of available permissions and have successfully managed to create users. The permissions I have effective for that user contains:
Alter_any_credential
Alter_any_login
Connect_SQL
Create_any_database
I believe that should be sufficient as a recommended minimum permission set for full use of RDM, but will report back if I find others are needed!