This section applies to DBOs who want to tighten security on the SQL server.
Instead of giving dbowner rights (full MS SQL rights) to the user on all databases, you can create roles that have nothing but execute rights on stored procedures and read/write rights on the tables.
1. Add New Login
Add new Login, e.g. "johnDoe":
Important Note: The following steps must be completed for each database.
2. New user to the database
Add the new user to the database, by right-clicking Users, New database user…
3. Add new role to the database
Add a new role, e.g. 'sitecore_user', by right-clicking Roles, New database role…
Add the new user (created in step 1) to the new role (created in step 2.a).
4. Grant Execute Rights
Click OK, then reopen the new role and grant execute rights to all stored procedures and all user-defined functions (not system objects, e.g. those prefixed with dt_):
5. Add role to db_datareader and db_datawriter
To the existing roles, db_datareader and db_datawriter, add the new role:
6. Using SQL script to create user and role
Alternatively, you may run this SQL script, which creates a user “sitecore” with password “sc” and adds the role “sitecore_user” to each database.
If you wish to create a different user or a different role, make the appropriate changes to the script.
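Steps 1 to 5 can be expressed in T-SQL as follows. This is an added example, not the script this page refers to; it assumes SQL Server 2012 or later syntax, reuses the login johnDoe and the role sitecore_user from the steps above, and uses a hypothetical database name and a placeholder password.

```sql
-- Added example (not the original script). GO is the SSMS/sqlcmd batch separator.
-- Step 1: create the server login (once per server).
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'johnDoe')
    CREATE LOGIN [johnDoe]
        WITH PASSWORD = N'<replace-with-a-strong-password>';  -- placeholder value
GO

-- Steps 2-5 must be repeated for each database.
USE [SitecoreDbPlaceholder];  -- hypothetical database name, replace with your own
GO

-- Step 2: map the login to a database user.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'johnDoe')
    CREATE USER [johnDoe] FOR LOGIN [johnDoe];

-- Step 3: create the role and add the user to it.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'sitecore_user' AND type = 'R')
    CREATE ROLE [sitecore_user];
ALTER ROLE [sitecore_user] ADD MEMBER [johnDoe];

-- Step 4: grant EXECUTE on every user stored procedure (P) and scalar
-- user-defined function (FN), skipping system objects and dt_-prefixed ones.
-- Table-valued functions take SELECT, not EXECUTE, so they are not listed here.
DECLARE @sql nvarchar(max) = N'';
SELECT @sql = @sql
     + N'GRANT EXECUTE ON '
     + QUOTENAME(SCHEMA_NAME(o.schema_id)) + N'.' + QUOTENAME(o.name)
     + N' TO [sitecore_user];' + NCHAR(13) + NCHAR(10)
FROM sys.objects AS o
WHERE o.type IN ('P', 'FN')
  AND o.is_ms_shipped = 0
  AND o.name NOT LIKE N'dt[_]%';   -- [_] matches a literal underscore
EXEC sys.sp_executesql @sql;

-- Step 5: give the role read/write rights on the tables.
ALTER ROLE [db_datareader] ADD MEMBER [sitecore_user];
ALTER ROLE [db_datawriter] ADD MEMBER [sitecore_user];

-- Check: list the object-level permissions the role now holds.
SELECT OBJECT_SCHEMA_NAME(p.major_id) AS schema_name,
       OBJECT_NAME(p.major_id)        AS object_name,
       p.permission_name, p.state_desc
FROM sys.database_permissions AS p
WHERE p.grantee_principal_id = DATABASE_PRINCIPAL_ID(N'sitecore_user')
  AND p.class = 1                     -- object or column
ORDER BY schema_name, object_name;
```

Because step 4 grants rights object by object, stored procedures or functions created later are not covered until the grant is run again.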