
  Tighten MS SQL security

This section applies to DBOs who want to tighten security on the SQL server.

Instead of giving dbowner rights (full MS SQL rights) to the user on all databases, you can create roles that have nothing but execute rights on stored procedures and read/write rights on the tables.

1.  Add New Login

Add new Login, e.g. "johnDoe":

Add new Login 

 

Important Note: The following steps must be completed for each database.

2.  Add new user to the database

Add the new user to the database by right-clicking Users and selecting New database user…

3.  Add new role to the database

Add a new role, e.g. 'sitecore_user', by right-clicking Roles and selecting New database role…

Add the new user (created in step 1) to the new role (created in step 2.a).

Assign users to roles

4.  Grant Execute Rights

Click OK, then reopen the new role and grant execute rights to all stored procedures and all user-defined functions (not system objects, e.g. those prefixed with dt_):

Grant execute rights to stored procedures and user defined functions 

5.  Add role to db_datareader and db_datawriter

To the existing roles, db_datareader and db_datawriter, add the new role:

Add new role to db_datareader and db_datawriter system roles 

6.  Using SQL script to create user and role

Alternatively, you can run this SQL script, which creates a user “sitecore” with password “sc” and adds the role “sitecore_user” to each database.

If you want to create a different user or a different role, change the script accordingly.

Download SQL script
