10.2.2 AGS: Disconnected Replication via GeoData Services and Permissions

Question asked by amy14 on Oct 1, 2015
Latest reply on Oct 8, 2015 by amy14

Hello,

We just installed ArcGIS Server 10.2.2 (AGS).  The service account on AGS is a domain account that is also within our SQL Server database (operating system).

We have tried several ways to create 2-way disconnected replication using Operating System Authentication.

Our main users (who are Publishers in AGS and whom we hoped to make replica owners, set up database connections, etc.) are set up on SQL Server as follows:

Server role is public

Mapped to the database in SQL as db_datareader and public

Membership at the database level is db_datareader

Privileges given via ArcCatalog to the data layers are SELECT, INSERT, UPDATE, DELETE for their operating system logins

However, when they tried to create geodata services and replicas, the remote user could see the data using their AGS built-in user name and password BUT the sync would not work UNLESS we gave the AGS service account db_owner membership at the database level.  I would have thought this unnecessary for the service account.  Because setting db_owner for the service account seemed like a security risk, we are currently using database authentication for setting up replicas, geodata services and database connections, and it works.

This database user is set up this way:

Server role is public

Mapped to the database in SQL as public

It does not have any Membership at the database level

It does have its own schema at the database level.... (I tried doing the same with the service account OSA but it didn't seem to make a difference)

Privileges given via ArcCatalog to the data layers are SELECT, INSERT, UPDATE, DELETE for this database user

My questions:

  • Is it possible to set up operating system authentication for 2-way replicas?
  • Why does a database user with "seemingly" fewer permissions work without db_owner set on the service account?
  • Do both AGS and SQL have to have operating system authentication?  Currently we have built-in for AGS and operating systems plus database users on our SQL.  Our remote users are not within our active directory.
  • Have we missed something on the service account permissions?
  • Any pros or cons of not using operating system authentication?

Thank you in advance,

Amy Rose
