https://community.esri.com/t5/data-management-questions/sde-connections-and-locks/m-p/554095#M31385 <HTML><HEAD></HEAD><BODY><SPAN>We have an 10.1 SDE setup with SQL Server.</SPAN><BR /><SPAN>It has been setup with Database Authentication Type.</SPAN><BR /><SPAN>All ArcGIS users access the database through this connection.</SPAN><BR /><BR /><SPAN>All database feature class locks show up as being in use by this master connection user, (not the actual user who is accessing it).</SPAN><BR /><BR /><SPAN>We have some people telling us this is best practice and others saying this is a security concern as everyone has the same permissions and there is no way to see who is accessing what.</SPAN><BR /><BR /><SPAN>We need to be able to see sde locks by user, and also need to be able to setup sde groups and user based permissions to feature classes.</SPAN><BR /><BR /><SPAN>Can anyone offer advice?</SPAN><BR /><BR /><SPAN>Thanks.</SPAN></BODY></HTML> Mon, 24 Feb 2014 13:24:52 GMT bartbart 2014-02-24T13:24:52Z https://community.esri.com/t5/data-management-questions/sde-connections-and-locks/m-p/554095#M31385 <HTML><HEAD></HEAD><BODY><SPAN>We have an 10.1 SDE setup with SQL Server.</SPAN><BR /><SPAN>It has been setup with Database Authentication Type.</SPAN><BR /><SPAN>All ArcGIS users access the database through this connection.</SPAN><BR /><BR /><SPAN>All database feature class locks show up as being in use by this master connection user, (not the actual user who is accessing it).</SPAN><BR /><BR /><SPAN>We have some people telling us this is best practice and others saying this is a security concern as everyone has the same permissions and there is no way to see who is accessing what.</SPAN><BR /><BR /><SPAN>We need to be able to see sde locks by user, and also need to be able to setup sde groups and user based permissions to feature classes.</SPAN><BR /><BR /><SPAN>Can anyone offer advice?</SPAN><BR /><BR /><SPAN>Thanks.</SPAN></BODY></HTML> Mon, 24 Feb 2014 13:24:52 GMT https://community.esri.com/t5/data-management-questions/sde-connections-and-locks/m-p/554095#M31385 bartbart 2014-02-24T13:24:52Z https://community.esri.com/t5/data-management-questions/sde-connections-and-locks/m-p/554096#M31386 <HTML><HEAD></HEAD><BODY><SPAN>While common, it is far from best practice to have all users connect as a single login.</SPAN><BR /><BR /><SPAN>In fact, best practice involves using one or more "ownership" accounts to own institutional</SPAN><BR /><SPAN>table resources (feature datasets), using individual user logins to access the geodatabase,</SPAN><BR /><SPAN>and making use of roles to assign access to tables by users.&nbsp; Not only does this practice</SPAN><BR /><SPAN>reduce contention to shared resources, it also helps identify who is acessing what, and when.</SPAN><BR /><BR /><SPAN>Note that the RDBMS implements the security model, not ArcSDE (there is no such thing as</SPAN><BR /><SPAN>an "sde group").&nbsp; This is just proper use of the RDBMS' own security model.</SPAN><BR /><BR /><SPAN>- V</SPAN></BODY></HTML> Mon, 24 Feb 2014 13:49:01 GMT https://community.esri.com/t5/data-management-questions/sde-connections-and-locks/m-p/554096#M31386 VinceAngelo 2014-02-24T13:49:01Z