Dear ESRI users,
My organisation is going to introduce a multi-editor database and would like to use OS-auth for this purpose, but experience some difficulities in implementing this as desired.
We are using,
- SQL Server 2012, SP1
- ArcGIS 10.2.1
Below roles (AD-groups preferable) need access to the database,
- GISOWNER - permission to create tabels/feature classes.
- GISEDITOR - permission to edit/update/delete features, but not create/delete tabel or feature classes.
- GISREADER - permission to view/select data in tabels and feature classes.
What will be best practice for this setup?
Our main struggle is with GISOWNER - assigning a Windows AD-user works well, but assigning a AD-group results in featureClasses and tables created in user-schemas for each member of that AD-group rather than a shared default schema, fx. GISOWNER.featureClassName.
According to documentation on SQL Server, this issue with default schema for AD-Groups was fixed with SQL Server 2012 - maybe not implemented in ArcGIS 10.2.1?
I understand that you would prefer Windows Authentication, but you can also create a SQL Server Authenticated Login named GISOWNER and provide the credentials of that login to all the desired people.