How to set up Read-Only Windows-Authenticated Users (Microsoft SQL Server Databases)?

Document ID : KB000055361
Last Modified Date : 14/02/2018
Show Technical Document Details

Description

By having this level of authentication NSM Administrators can restrict the level-access to users login in to Unicenter MCC or WorldView Classic GUI;

Solution

You can set up read-only users for the WorldView tables in the MDB. A read-only user is not permitted to perform any operations in Unicenter MCC the WorldView Classic GUI that update the WorldView MDB data.

Note: Read-only access using this procedure affects only WorldView data in the MDB. It does not affect DSM, Enterprise Management, or other data providers.

To set up read-only Windows-authenticated users

  1. Create a Windows group called TNDReadOnly with only two operating system rights: Logon as a Batch Job, and Replace a Process Level Token.
    Note: Use the Local Security Policy GUI to set up the operating systems rights.
  2. Define the TNDReadOnly group to Microsoft SQL Server using the Enterprise Manager, and assign the wvuser role to this group.
  3. Add any Windows users that you want to have read-only permissions for Unicenter MCC to the TNDReadOnly group.

Important! Do not add these Windows users to the TNDUsers group. The user has read-only permission for WorldView data.