Adding a user to a database - multipart question

07-30-2015 03:55 PM
RandallClark2
Occasional Contributor II

Hi all, please bear with me here...

1) So I added a user to my database via the 'Add User tool' in ArcCatalog; however, when I do that, the user now has privileges to create feature datasets / feature classes in the database. I would prefer that they don't. Is there a way via ArcCatalog to add a user to a database without granting privileges to create feature datasets / feature classes?

2) Is there a way via ArcCatalog to remove a user from a database, or does that have to be done in SSMS?

Thanks

0 Kudos
1 Solution

Accepted Solutions
KatieCullen
Regular Contributor II

Hi Randall,

This is expected behavior for the Create Database User tool, per the help:

"The Create Database User tool creates a database user with privileges sufficient to create data in the database."

The tool grants the following permissions in SQL Server for the user created:

CREATE TABLE

CREATE PROCEDURE

CREATE VIEW

VIEW DEFINITION

http://resources.arcgis.com/en/help/main/10.2/index.html#//00170000017r000000

These permissions can be removed from the SQL Server side and the user will no longer be able to create data. Editing and viewing permissions are managed solely in ArcCatalog.

As for a tool to remove database users, I am not aware of any at this time. They can be unmapped from the database in SQL Server Management Studio.

Please let me know if there are any further questions.

6 Replies
RandallClark2
Occasional Contributor II

Doh...

I guess I should have read the tool help first.

So it seems that my two options are to add a user to the database with the 'Add User' tool, then revoke the privileges to create in the database via SSMS, and then manage privileges to each feature class as needed via ArcCatalog; or I can add a user to the database server side via SSMS, then use ArcCatalog to manage privileges to each feature class. Or is there a way to configure user permissions server side so that I can do this all in SSMS?

Ideally I want to set up two new roles in the database, a data-viewer role and a data-editor role. I can add users to the database and create new roles in the database, but I cannot figure out how to configure permissions on the two new roles to do what I want. Any advice?

0 Kudos
AsrujitSengupta
Regular Contributor III

You can grant database level permissions on the new Roles from the database end (basically indicating that the permission will be applicable to all the data in that geodatabase).

However, if you want to grant privileges on individual feature classes, feature datasets, etc., that has to be done from ArcCatalog.
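
Added example, not written by any poster in this thread: a T-SQL sketch of the server-side steps discussed above (revoking the four permissions the tool grants, then granting database-level permissions to a viewer and an editor role). The database name `gisdb`, the user `gis_user1`, and the role names `data_viewer` and `data_editor` are hypothetical placeholders.

```sql
-- Constructed names (assumptions): database gisdb, user gis_user1.
USE gisdb;
GO

-- 1) Remove the database-level permissions granted by the
--    Create Database User tool, so the user can no longer create data.
REVOKE CREATE TABLE, CREATE PROCEDURE, CREATE VIEW, VIEW DEFINITION
    FROM [gis_user1];
GO

-- 2) Create the two roles. A GRANT with no ON clause is a
--    database-level grant: it covers every table in the database,
--    not one feature class. Per-feature-class privileges are set
--    in ArcCatalog instead.
CREATE ROLE data_viewer;
CREATE ROLE data_editor;
GRANT SELECT TO data_viewer;
GRANT SELECT, INSERT, UPDATE, DELETE TO data_editor;
GO

-- 3) Put the user in the least-privileged role that fits.
--    (SQL Server 2012+ syntax; older versions use sp_addrolemember.)
ALTER ROLE data_viewer ADD MEMBER [gis_user1];
GO

-- 4) Verify: list explicit database-level permissions (class = 0)
--    held by the user and the roles. After step 1 the user should
--    show CONNECT only; the CREATE permissions should be gone.
SELECT pr.name AS principal, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 0
  AND pr.name IN (N'gis_user1', N'data_viewer', N'data_editor')
ORDER BY pr.name, pe.permission_name;
GO

-- 5) Removing a user later: DROP USER fails while the user still
--    owns a schema, so check ownership first.
SELECT s.name AS owned_schema
FROM sys.schemas AS s
JOIN sys.database_principals AS p ON p.principal_id = s.principal_id
WHERE p.name = N'gis_user1';
-- When the query above returns no rows:
-- DROP USER [gis_user1];
```

Role membership is additive, so a user left in `data_editor` keeps edit rights even after being added to `data_viewer`; re-run the step 4 query after any change.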

RandallClark2
Occasional Contributor II

Hmm.

OK, thanks Katie.

The help is much appreciated

0 Kudos
AsrujitSengupta
Regular Contributor III

As Katie mentioned, there is no tool to remove a user from ArcCatalog. This has to be done from the database end.

WesMiller
Regular Contributor III

Randall, you may be interested in these 2 websites that go over creating roles. Roles grant the level of permissions a user will have when added to the database.

http://resources.arcgis.com/en/help/main/10.2/index.html#//002q0000002s000000

http://resources.arcgis.com/en/help/main/10.2/index.html#/Create_Role/00170000017v000000/