Any guidelines for Best practices for setting SQL database permissions and ArcGIS privileges? I originally created geodatabases using the default "SDE" user. with default SQL Server permissions. This grant too many permissions and does not allow me to track who is making changes. I would like to switch to Operating System logins using Active Directory for user login maintenance.
Initially, I would like to create two types of users - one type with editing capabilities, and a second type with view-only. View-only would be able to see certain layers in the Catalog widow and add those to the map but have no editing capabilities. Those with editing capabilities would be able to edit attributes as well as geometry. I have tried granting privileges Select, Update, Insert, and Delete but this does not always allow the user to move points or vertices.
I would like to use "SDE" user and the database sysadmin for Administration of the databases. It appears that the SDE user has all necessary permission but sometimes SQL Server's "sa" does not. The "sa" user appears to have no rhyme or reason why it works on some but not all databases when I use ArcCatalog to manage.privileges. The database owner is "sa" for every database.
I have tried following ArcGIS Resources but do not always get the same results for each database. What permissions should be assigned on the SQL database level and what privileges should be assigned via ArcCatalog to each dataset and/or feature class?