Configuring Dataedo Web in domain use

Piotr Tokarski - Dataedo Team Piotr Tokarski 1st December, 2020

Basics

When installing Dataedo Web, a service user is created to run the app - by default, it's named IIS APPPOOL\DataedoPool. Since the server can't impersonate other domain users at this point, any connections to a repository database using Windows or domain authentication can only authenticate as this service user.

If the repository database server you're connecting to does not allow non-domain users, you have two options - either grant the IIS app pool user the required permissions (details below) or change the IIS app pool user to one that already has them.

Creating a repository using domain authentication

To create a repository, the user requires the CREATE ANY DATABASE permission. Other required database permissions are automatically granted during repository creation.

Connecting to an existing repository using domain authentication

To connect to an existing repository, the user needs to be added to ADMINS and USERS roles in the database - these are roles created by Dataedo in the repository database during its creation.

If you want to be able to upgrade repository from Dataedo Web, the user also should be granted the db_owner role.

Managing users from Dataedo Web

Currently Dataedo Web uses database logins to authenticate users. If you want to manage database users from Dataedo Web, the IIS app pool user needs to be granted the security_admin server role. You can always manage users manually or using Dataedo Administration console otherwise.

Found issue with this article? Comment below
0
There are no comments. Click here to write the first comment.