Version Affected: All
Description:
This article explains the required permissions for an account within SQL if it is being used by SecureAuth Identity Platform (IdP) for Integrated Security connections
Cause:
One of the ways to make a connection to SQL via SecureAuth IdP, for either the Datastore Connection or SQL Logging/Reporting, is via an Integrated Security connection, this means it will use the Account assigned to the Application Pool used for that specific Realm and SecureAuth0
Using an Integrated Security connection will require different permissions compared to using a local SQL Account and therefore it requires slightly different permissions
Resolution:
An account used for Integrated Security connections will require the below permissions at a minimum
CONNECT
EXECUTE
If SQL Reporting will also be used, the SELECT permission will also need to be assigned to the Account
These permissions can be assigned to the Database either directly within the 'Properties - Permissions' configuration page, or via the creation of a new Role, assigning the permissions to the Role and adding the required user to the Role
Each time the permissions for the user account changes within SQL, restart IIS (or the applicable Application Pool) within the IdP Server(s) before testing the changes
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Article is closed for comments.