Community

GDB and SQL permissions

3419
13
Jump to solution
10-23-2014 07:13 AM
Marco_AlejandroBonilla
by
Occasional Contributor
‎10-23-2014 07:13 AM

Hi,

I've been reading some help topics and GeoNet posts about managing permissions in GDB, eventhough I am overwhelmed by all the implied considerations on implementing GDB security.

My question seems relatively simple but I can't solve my issue yet, so:

What are the minimum permissions that my users must have in the database in SQL Server in order for me to manage their select/editing permissions with arcCatalog for mi Enterprise Geodatabase?

Thank you

Marco

0 Kudos
13 Replies
brianbond
by
New Contributor III
‎10-23-2014 09:50 AM

Marco, your original question states what are the minimum permissions to manage a users permissions that comes in from Active Directory (AD) groups and log-in; the minimum is almost nothing.  From my experience, adding a Public Role to the database, everyone should be able to connect to the database and see all the feature classes/tables in the SQL Enterprise Geodatabase.

From my experience, for editor's connecting to the SQL database with authentication from an AD Group, only db_datareader Database role membership is granted to that AD Group and I then control their edit rights using ArcCatalog granting Select, Insert, Update, Delete to the specific feature classes or feature dataset.  For the users that you want only to view data, from my experience, that AD Group is not granted any Database role membership and as long as the Public Role granted to the database, the AD user or groups can see the entire database because of the Public Role.  If you have to sub-divide off certain Read-Only feature classes to certain AD users; you will have to do more work to set Database role membership in SQL Database to certain AD groups. 

Brian

Marco_AlejandroBonilla
by
Occasional Contributor
‎10-23-2014 10:10 AM

So, as I could understand, if I set db_datareader permissions to all my groups in SQL, In first place, all those groups will see all the GDB data, and also, I will be able to grant editing permissions to specific groups through ArcCatalog.

Am I rigth?

And Thank you very much,

MB

0 Kudos
AsrujitSengupta
by
Regular Contributor III
‎10-23-2014 10:23 AM

Yes

brianbond
by
New Contributor III
‎10-23-2014 10:27 AM

Yes, I agree with Asrujit regarding your recent question about granting edit permissions to specific AD groups through ArcCatalog.

0 Kudos