2.4 MyID and SQL Server permissions

SIU references: SIU-127, SIU-131, SIU-318, SIU-319, SIU-320.

Warning: If running MyID with a named user, make sure the MyID COM+ account is added with ‘English’ as the default language, or date formats will cause failures.

The account used for database access (the MyID COM+ account) is assigned the permissions needed to create and use the MyID databases when MyID is installed. If you want to reduce the level of these permissions following installation, you must ensure that the account being used keeps the following levels of access as a minimum.

• The account must have the following roles on the MyID databases:

  • public
  • db_datareader

  • db_datawriter

    

    Set these permissions in SQL Server Manager. Under the database instance, select Security > Logins, then right-click the MyID COM user.

• Ensure that the Default Schema is set to dbo or another appropriate setting; a default schema of sys will cause connection problems.

• The stored procedures executed by the system also need to allow execute permission to the MyID COM user. This includes all ‘User’ type stored procedures in the MyID database. You can assign permissions to stored procedures individually, or grant db_owner access to the MyID COM user in Security > Logins.

• Authentication

  You specify whether to use SQL Server authentication or Windows authentication when installing MyID.

  • For Windows Authentication to operate, the MyID application server must belong either to the same domain as the database server or to a trusted domain.