SDE user and mixed mode SQL Server

1895
3
10-26-2010 05:26 PM
JerryGarcia
Occasional Contributor II
Is an SDE user always created?

Does mixed mode always need to be enabled?

If I choose to create a geodatabase that is owned by a user who is dbo in the database, do I need mixed mode and is there a SDE user?

I guess I can create my own SDE user with a Windows Account?
http://help.arcgis.com/en/arcgisserver/10.0/help/arcgis_server_dotnet_help/002q/002q0000002t000000.h...

Any issues with this approach?  Comments?
0 Kudos
3 Replies
RussellBrennan
Esri Contributor
Jerry,

You created a DBO schema geodatabase instead of an SDE schema geodatabase. The main difference between these two options is it determines who is the geodatabase administrator. If you are working with a DBO schema geodatabase you do not need to use mixed authentication as the DBO user is likely authenticated through windows. The DBO user will be able to perform all of the geodatabase administrative tasks that the SDE user would perform in an SDE schema geodatabase.

When using the DBO schema geodatabase there is no need create an SDE user. Unless you want to use database authentication there is no need to enable mixed mode authentication.

Here are some links to some helpful documentation:
http://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#/A_comparison_of_geodatabase_owners_in_...

http://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#/The_ArcSDE_administrative_account_in_S...
0 Kudos
JerryGarcia
Occasional Contributor II
Thanks for the reply Russel.  Just to confirm:

If I am required to use all windows authentictaion and do not want to give out server-wide access to all databases, then I should create a windows account sde user using the following directions.  Is this correct?

http://help.arcgis.com/en/arcgisserver/10.0/help/arcgis_server_dotnet_help/index.html#//002q0000002t...

If you are running on a server that only supports Windows Authentication, ArcSDE setup and administration is greatly simplified by creating a dbo-schema geodatabase because there is no need to configure a special Windows sde login. Also, anyone who maps to the dbo user in the database can perform ArcSDE administrative tasks, such as compress.

If you have a more restrictive security model, you might want to configure an sde-schema geodatabase. Unlike the dbo user, which usually has server-wide access to all databases, the sde user can be restricted to just a handful of statement permissions within a specific database.
0 Kudos
RussellBrennan
Esri Contributor
Yes, if it is required that you must use Windows authentication and are not able to grant DBO privileges to your geodatabase administrators then that method will work.

If your requirement for Windows authentication is flexible, a slightly easier option is to use mixed mode authentication with an SDE schema that uses database authentication and have all users other than SDE use Windows authentication.
0 Kudos