SQL Server 2005 and AccuMark

  • 7/29/2019 SQL Server 2005 and AccuMark

    Management of AccuMark Data Storage using MS-SQL-2005 Server

    This document illustrates how Microsoft SQL Server 2005 can be used with AccuMark Family Professional Edition software (SQL is not supported on Advanced Edition) to allow AccuMark users to create storage areas and to access them.

    While all permissions below can be defined for single users, it is highly suggested to define a Group of users to reduce administrative workload. The example below defines only one UserGroup, giving all users the same access to all storage areas. The same procedure can be used to define multiple UserGroups, assigning different access permissions for users or for storage areas.

    On most networks AccuMark users will be defined as standard Users (with no Administration rights). By default, such users are not able to create new databases on an SQL Server 2005 (databases are where the AccuMark storage area data is stored).

    User and Group Management

    A user account is a collection of information that tells Windows which user rights and access permissions a user has on a computer. A group is a collection of user accounts, computers, contacts or other user groups. By adding a user account to a group, you can avoid having to grant the same access and permission to many different users one by one. Members of a group can make the same types of changes to settings and have the same access to folders, printers, and other network services.

    Many companies use network domains and have an IT department that has the ability to create groups and users. The instructions below describe how to set up groups and users for access to AccuMark storage areas. The person creating the groups and users must have administrative permissions.

    These sections describe how to create groups and assign users to these groups on Windows XP and Windows Vista systems. They assume the users already exist on this system or a domain server and can be accessed from this server.

    You must create the User Groups first and then specify in SQL Server where and how these users and groups will have access to the AccuMark data.

    The User Group will need to be created on the server that has SQL Server installed for access to the storage areas on that server. The process below describes how to create, in User Management on the server, a User Group containing all AccuMark users.

    NOTE: the instructions below show how to create user groups for Windows XP and Windows Vista (Windows 2000 will no longer be supported for use with AccuMark starting with version 8.3). MSDE and SQL Server 2000 can be used on Windows XP, however MSDE is not supported on Vista. For information on using Windows XP or Vista and SQL 2005 Server or Express, please refer to the document SQL Server 2005 and AccuMark.doc

    Creating User Groups on Windows XP:

    These instructions are based on using the Category View.

    Select Start, Control Panel. Select User Accounts from the Category

    Select User Accounts from the Control Panel icon section

    In the User Accounts dialog, select the Advanced tab and then the Advanced button

    Highlight the Groups entry in the left window.

    Place the mouse in the right side of the window pane, right-click and select New Group

    Type in the name of the new group. In this example, the UserGroup is called AM-SQL-Users.

    Enter an optional description

    Select the Add button

    From the From this location drop-down list select the Locations button to access the server or domain where the users you would like to add to the AM-SQL-Users group exist.

    Select the Advanced button.

    Select the Find Now button to get a list of user names from this location.

    Highlight one or more users and select the OK button (use the Ctrl or Shift keys to select more than one).

    The user name(s) will appear in the window.

    You can choose another domain to add additional users or select OK to finish.

    Select the Create button to complete the creation of this new group.

    Select Close to close the dialog windows. The new group should now appear in the list for Local Users and Groups.

    Creating User Groups on Windows Vista:

    Note: These steps cannot be completed on Windows Vista Starter, Windows Vista Home Basic, and Windows Vista Home Premium.

    1. Click to open Microsoft Management Console. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    2. In the left pane of Microsoft Management Console, click Local Users and Groups.

    If you don't see Local Users and Groups, it's probably because that snap-in has not been added to Microsoft Management Console. Follow these steps to install it:

    1. In Microsoft Management Console, click the File menu, and then click Add/Remove Snap-in.

    2. Click Local Users and Groups, and then click Add.

    3. Click Local computer, and then click Finish.

    4. Click OK.

    3. Double-click the Groups folder.

    4. Right-click the group you want to add the user account to, and then click Add to Group.

    5. Click Add, and then type the name of the user account.

    6. Click Check Names, and then click OK.

    Note: To help make your computer more secure, add a user to the Administrators group only if it is absolutely necessary. Users in the Administrators group have complete control of the computer. They can see everyone's files, change anyone's password, and install any software they want.

    SQL Server 2005 User Management: Setting Permissions for the Groups

    Define the Login for the AccuMark UserGroup in SQL Server Management Studio Express

    On the server, open Microsoft SQL Server Management Studio Express. Connect to the SQL Server that will be used for AccuMark storage:

    The authentication being used will depend on how the SQL server was configured during installation. Contact your IT department for details. Most WebPDM servers are configured for mixed mode authentication, which means you could log in using either Windows Authentication or SQL Authentication. Select the Connect button.

    Open the SQL server to get the display of associated entries like Databases, Security, ...

    Open the Security item to get Logins displayed.

    Right-click on Logins and select to create a New Login:

    On the General tab, define the name by selecting the UserGroup via the lookup button. Check that groups are selectable by selecting the Object Types button and confirming that the entry for Groups is checked. Then select OK.

    You can use the Advanced button, then Find Now, to get a list of groups. Highlight the group that is to be added to this server (for example: AM-SQL-Users) and select OK.

    Select the entry: Server Roles.

    Select (place a checkmark on) Database Creators: dbcreator

    Save the new Login (OK button). The new Login will be listed in the right window.

    AccuMark users are now able to create new storage areas using this SQL server.

    However, only the creator of the database will have access to the storage area.
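
    The login and server-role steps above can also be scripted. The following T-SQL is an added example, not part of the original document; MYSERVER is a placeholder for the machine or domain that owns the AM-SQL-Users group.

```sql
-- Added example: T-SQL equivalent of the New Login dialog steps.
-- ASSUMPTION: MYSERVER is a placeholder for the server or domain name
-- under which the Windows group AM-SQL-Users was created.
USE master;
GO

-- General page: create one login for the Windows group,
-- instead of one login per AccuMark user.
CREATE LOGIN [MYSERVER\AM-SQL-Users] FROM WINDOWS;
GO

-- Server Roles page: place the checkmark on dbcreator.
-- Members of dbcreator can create, alter, drop and restore any
-- database on the instance, so keep the group membership small.
EXEC sp_addsrvrolemember
     @loginame = N'MYSERVER\AM-SQL-Users',
     @rolename = N'dbcreator';
GO

-- Check: list every login that holds a fixed server role, so that
-- unexpected members of dbcreator or sysadmin stand out.
SELECT m.name      AS login_name,
       m.type_desc AS login_type,   -- WINDOWS_GROUP for AM-SQL-Users
       r.name      AS server_role
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;
```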

    Setting Group Access Permission to AccuMark Storage Areas

    To allow other users access to a storage area on the SQL server, you need to give access permission. There are 2 possibilities to define access for AccuMark users:

    1) Allow all users to access all databases = storage areas

    SQL Server 2005 allows configuration values to be pre-defined in the database model (never delete this database), which is used as a template to create new databases, each of which is equivalent to a new storage area.

    This method can be used for SQL servers which are used only to store AccuMark data. If the customer is also using the SQL server to store other data, then this method should not be used, since it will cause a security issue for the non-AccuMark databases (please discuss this issue with the IT personnel of the customer).

    Note: it is required to define this before new storage areas are created!

    Note: Users creating new storage areas are required to have SQL Express installed on their systems (see below)

    To configure default access to new AccuMark storage areas:

    Using the SQL Server Management Studio Express, expand your SQL server

    Expand System Databases

    Expand the database model, expand Security, then expand Users

    Right-click on Users and select New User

    Use the ellipsis button [...] to open the Select Login dialog. Then select the Browse button and select (check on) the UserGroup of AM-SQL-Users. Select OK, and OK.

    Enter the User name (you can use the same as the Login name):

    As Database role membership, please select (by placing a check-mark):

    - Public (should already be selected by default)
    - db_datareader
    - db_datawriter

    Click OK to save this information.

    All members of the AccuMark UserGroup now immediately have access to any newly created database = storage area.
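
    The model-database configuration above, scripted and followed by a check of what every future database will inherit. This is an added example, not part of the original document; it assumes the login [MYSERVER\AM-SQL-Users] already exists, with MYSERVER as a placeholder.

```sql
-- Added example: option 1 (template user in the model database).
-- ASSUMPTION: the login [MYSERVER\AM-SQL-Users] exists on this server;
-- MYSERVER is a placeholder for the server or domain name.
USE model;
GO

-- New User dialog: map the group login to a database user.
CREATE USER [AM-SQL-Users] FOR LOGIN [MYSERVER\AM-SQL-Users];
GO

-- Database role membership: db_datareader and db_datawriter
-- (public is held by every database user automatically).
EXEC sp_addrolemember N'db_datareader', N'AM-SQL-Users';
EXEC sp_addrolemember N'db_datawriter', N'AM-SQL-Users';
GO

-- Check: every user and role membership listed here is copied into
-- EVERY database created afterwards on this server, including
-- databases that have nothing to do with AccuMark.
SELECT u.name      AS database_user,
       u.type_desc AS user_type,
       r.name      AS database_role
FROM sys.database_principals        AS u
LEFT JOIN sys.database_role_members AS rm ON rm.member_principal_id = u.principal_id
LEFT JOIN sys.database_principals   AS r  ON r.principal_id = rm.role_principal_id
WHERE u.type IN ('S', 'U', 'G')      -- SQL user, Windows user, Windows group
  AND u.name NOT IN (N'dbo', N'guest', N'INFORMATION_SCHEMA', N'sys')
ORDER BY u.name, r.name;
```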

    2) Manual assignment of access to all storage areas

    In cases where the customer cannot automatically grant all AccuMark users access to all new databases = AccuMark storage areas (because the SQL server is also used to store other non-AccuMark data, or because the customer would like to assign different access rights for storage areas by defining multiple AccuMark usergroups), the User Administration of SQL Server 2005 can be used.

    Note: The storage area must first be created from an AccuMark workstation before access permissions can be assigned!

    Note: Users creating new storage areas are required to have SQL Express installed on their systems (see below)

    To define the access to the specific storage areas, display the Login for the AccuMark users group (in this example: AM-SQL-Users) under Security > Logins (by a double-click or Properties from the toolbar):

    Select the User Mapping entry in the Select a page window on the right.

    Then, by placing a checkmark, select in the upper list the databases containing storage areas (which must first have been created from an AccuMark workstation) to be accessible by this usergroup.

    For EACH of these databases, you must select in the lower list as Database Role db_datawriter and db_datareader to allow AccuMark to work with this storage area, by placing a check-mark

    Note: the databases will include the AccuMark storage areas as well as the CAD Relational database like the one that is used for WebPDM.

    NOTE: if you select only db_datareader but not db_datawriter, then you have a read-only storage area, where users can view and read data, but are not able to update data or store new data.

    UserPerm Database

    The UserPerm database allows the AccuMark administrator to assign further permissions on a data item level. Thus the users must be granted db_datareader and db_datawriter rights to this UserPerm database so the AccuMark applications can read and write these extended permissions. For more details on restricting access on a data item level, see the document Read-WriteControls.pdf

    Select the UserPerm entry in the Database Access window and enable the db_datareader and db_datawriter permissions in the Database roles window.

    CAD Relational Database

    If you are using a CAD Relational Database (RDBMS) then db_datareader and db_datawriter permissions must be granted as well. Grant the Execute permission in order to be able to run the stored procedures that are used for the RDBMS.

    Other permissions may be needed when using the CAD relational database for WebPDM. Contact your WebPDM administrator for assistance.

    Granting Execute Permission to the CAD Relational Database

    Note: the CAD Relational database (RDBMS) must be named WebPDM when populating data for access by WebPDM applications. Otherwise the name for the RDBMS needs to conform to the same rules as for AccuMark storage area names.

    To grant execute permission to the CAD Relational Database on SQL 2005 Server or SQL 2005 Express:

    Open the SQL Server Management Studio Express

    Connect to the SQL server that contains the RDBMS

    Expand the Databases tree view

    Expand the RDBMS (in this example the CAD relational database is called webpdm)

    Right-click on the RDBMS name and select Properties

    In the Users or roles window select the group to grant permissions for. The Explicit Permissions window will populate with the permissions that are available for setting.

    Select the Execute permission and click in the Grant column to enable this permission.

    Continue to grant the Execute permission to any other groups as needed.

    Select OK to finish.
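
    The manual assignment (option 2), the UserPerm roles and the Execute grant described above, scripted per database. This is an added example, not part of the original document; MYSERVER and MyStorageArea are placeholders, and the login [MYSERVER\AM-SQL-Users] is assumed to exist.

```sql
-- Added example: per-database access instead of the model template.
-- ASSUMPTIONS: MYSERVER and MyStorageArea are placeholders; the storage
-- area was already created from an AccuMark workstation.

-- 1) One storage area database.
USE [MyStorageArea];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'AM-SQL-Users')
    CREATE USER [AM-SQL-Users] FOR LOGIN [MYSERVER\AM-SQL-Users];
EXEC sp_addrolemember N'db_datareader', N'AM-SQL-Users';
EXEC sp_addrolemember N'db_datawriter', N'AM-SQL-Users';  -- leave out for a read-only storage area
GO

-- 2) UserPerm: AccuMark reads and writes item-level permissions here.
USE [UserPerm];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'AM-SQL-Users')
    CREATE USER [AM-SQL-Users] FOR LOGIN [MYSERVER\AM-SQL-Users];
EXEC sp_addrolemember N'db_datareader', N'AM-SQL-Users';
EXEC sp_addrolemember N'db_datawriter', N'AM-SQL-Users';
GO

-- 3) CAD relational database: the same two roles plus Execute,
--    so the group can run the RDBMS stored procedures.
USE [WebPDM];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'AM-SQL-Users')
    CREATE USER [AM-SQL-Users] FOR LOGIN [MYSERVER\AM-SQL-Users];
EXEC sp_addrolemember N'db_datareader', N'AM-SQL-Users';
EXEC sp_addrolemember N'db_datawriter', N'AM-SQL-Users';
GRANT EXECUTE TO [AM-SQL-Users];   -- database-wide Execute permission
GO

-- Check (run in WebPDM): who holds database-level EXECUTE.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 0                 -- 0 = permission on the database itself
  AND pe.permission_name = N'EXECUTE';
```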

    Users creating new storage areas are required to have SQL Express installed on their systems

    When a new storage area is created via AccuMark Explorer using SQL Server:

    A script is processed to create the required tables inside the SQL server database and to define the default AccuMark data items:

    Attempting to create a storage area on a system without MSDE or SQL Express will result in an error message (Error 1027); a database is created but is not usable for AccuMark data storage:

    Note: SQL Express is only required to be installed on the systems creating a storage area; it is not required to have the database execute on such systems.

    There is no need to install MSDE or SQL Express on AccuMark systems accessing such SQL-based storage areas.