The User Manager module provides a simplified interface for managing user access and permission levels for your Hydro GeoAnalyst project databases. It allows you to add and remove users and to set their permissions to preconfigured access levels in the database. However, access is ultimately managed by SQL Server itself: HGA relies on the permissions stored on the SQL Server instance hosting the project database, so advanced users familiar with SQL may manage permissions more precisely. This provides a compromise between usability for beginner users and flexibility/control for advanced users, while providing all of the enhanced/enterprise-level security features available through the Microsoft implementation of SQL and related tools. An example of the User Manager module interface is shown below:
The User Manager toolbar contains the following controls:
•Adds a new user or group.
•Deletes the currently selected user or group (note: you cannot delete your own account).
•Edits the permission levels for the selected user or group.
The main window of the User Manager module includes a table of project users with headings for account information and associated permissions.
•Name: the user or role defined within the settings of the database itself.
•Server Login: the user or role defined under the main Security settings of the SQL Server instance. Only those users or roles with a corresponding name in the current project database will be displayed.
Users may be granted a combination of preset user permissions, ordered in terms of increasing control over the data:
•Read access: provides the user with the db_datareader level of access in the database and allows the user to read database records. In practice, this means that users can view data in most of the modules but not modify records. Certain modules require edits to the various tables including creating/modifying plot collections, saving queries, and creating cross-sections and maps. Users with only read-level access have very limited ability to use Hydro GeoAnalyst.
•Edit access: provides the user or group with the db_datawriter level of access in the database and allows the user or group to add/remove/edit database records. In general, users with both Edit and Read access can use all of the functionality of HGA except for the ability to use the Template Manager module, User Manager module, or make backups.
•Template Access: provides the user or group with the db_ddladmin level of access in the database and allows the user or group to modify the database template (i.e. make changes in the Template Manager module). Users with Template access may not make changes in the User Manager module or make backups.
•Full Access: provides the user or group with the db_owner level of access in the database and allows the user or group complete control over the project database, including all of the functionality provided in the template access level above and the ability to add/remove users and backup the database.
Generally, users should only be given the permission level(s) they require to complete their assigned duties. Users with higher-level permissions should generally also be given lower-level permissions (e.g. a user requiring Template access should also be granted Read and Edit access).
As discussed above, advanced users may wish to provide alternate/custom permission levels to users or groups. These permission levels will be honored by Hydro GeoAnalyst. Users and groups with permission levels exactly matching the presets and related security/permission settings available in Hydro GeoAnalyst will be displayed in the User Manager module. If permission levels/settings for a given user are configured outside of Hydro GeoAnalyst, user permission levels may not appear as expected. For more information on database-level roles, please refer to the Microsoft SQL Server documentation here: https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver15
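One way to review, directly on SQL Server, which of the four preset roles each project database user holds and whether the memberships follow the guidance above (an added example, not part of the Hydro GeoAnalyst documentation; `[YourHgaProject]` is a placeholder database name and the `review_note` wording is illustrative):

```sql
-- Added example: audit fixed-role membership in an HGA project database.
-- Lists role membership only; individually granted permissions are not shown.
USE [YourHgaProject];  -- placeholder: replace with the project database name

WITH membership AS (
    SELECT m.principal_id,
           MAX(CASE WHEN r.name = N'db_datareader' THEN 1 ELSE 0 END) AS read_access,
           MAX(CASE WHEN r.name = N'db_datawriter' THEN 1 ELSE 0 END) AS edit_access,
           MAX(CASE WHEN r.name = N'db_ddladmin'   THEN 1 ELSE 0 END) AS template_access,
           MAX(CASE WHEN r.name = N'db_owner'      THEN 1 ELSE 0 END) AS full_access,
           -- Any role other than the four presets (custom or other fixed roles)
           MAX(CASE WHEN r.name NOT IN (N'db_datareader', N'db_datawriter',
                                        N'db_ddladmin', N'db_owner')
                    THEN 1 ELSE 0 END) AS other_role
    FROM sys.database_principals AS m
    LEFT JOIN sys.database_role_members AS rm
           ON rm.member_principal_id = m.principal_id
    LEFT JOIN sys.database_principals AS r
           ON r.principal_id = rm.role_principal_id
    WHERE m.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
      AND m.name NOT IN (N'dbo', N'guest', N'INFORMATION_SCHEMA', N'sys')
    GROUP BY m.principal_id
)
SELECT dp.name                AS [Name],          -- database user
       sp.name                AS [Server Login],  -- NULL if no matching login
       dp.type_desc           AS principal_type,
       dp.default_schema_name AS default_schema,
       ms.read_access, ms.edit_access, ms.template_access, ms.full_access,
       CASE
           WHEN ms.other_role = 1
               THEN 'member of a role outside the four presets'
           -- db_owner already has complete control, so it is not flagged below
           WHEN ms.full_access = 0 AND ms.template_access = 1
                AND (ms.read_access = 0 OR ms.edit_access = 0)
               THEN 'Template without Read and Edit'
           WHEN ms.full_access = 0 AND ms.edit_access = 1 AND ms.read_access = 0
               THEN 'Edit without Read'
           WHEN ms.read_access + ms.edit_access
                + ms.template_access + ms.full_access = 0
               THEN 'no preset role'
           ELSE ''
       END                    AS review_note
FROM membership AS ms
JOIN sys.database_principals AS dp ON dp.principal_id = ms.principal_id
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
ORDER BY ms.full_access DESC, dp.name;
```

The account running the query needs enough rights to see the metadata in `sys.database_principals` and `sys.server_principals`; with limited rights some rows or login names will be missing from the result.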
To add a new user, select the add user button and the following dialog will appear.
There are three types of user you may add in any combination, provided that the host SQL Server instance is configured to allow such login methods to work:
•Windows User or Group
•SQL Server Login
which are described below:
User accounts and passwords for individual users or Windows groups will be managed using Windows Authentication. When using this option, you may only add existing users or groups on a Windows domain and will be warned if the domain, user account, or group cannot be found. Adding a Windows User or Group using the User Manager will assign dbo as the default schema for all users in that group. Otherwise, HGA will assume the dbo schema when creating new tables using the Template Manager for users with Template access.
The user account will be managed by SQL Server. When using this option, you have the option to add existing users or create a new user along with a corresponding password. HGA creates a user in the SQL Server instance and adds them as a user in the project database with the assigned permission levels. Hydro GeoAnalyst provides the option to create a SQL Server login for a new user if it doesn't exist. One implication of this method is that the user may have broader access to any databases on the server instance and to the instance itself. This method is likely more desirable for users who need access to multiple databases on a server instance.
To modify an existing user, select the Edit Selected User button. You will be presented with the option to modify the selection(s) of permissions for the selected user:
Modifying the permissions of a fellow db_owner in HGA will remove them from the db_owner group in SQL Server. HGA will warn users who are about to do this.
To remove an existing user, select the Delete Selected User button. You will be prompted to confirm the deletion.
Page url:https://www.waterloohydrogeologic.com/help/hga/index.html?usermanager.htm