How to Use Grant and Revoke in Conjunction with Archibus (Microsoft SQL Server)
How to Use Grant and Revoke in Conjunction with Archibus (Microsoft SQL Server)
Some sites establish different database user accounts to support different Archibus Roles by entering the SQL Login Username and Password for that role. When they do so, the Archibus program queries for data on those users' behalf using that account rather than the general "AFM" account or the account established for the database roles in the Projects List (afm-projects.xml) file.
In order to ensure that each user has the same permissions as the Archibus program, you must initially grant each user the same database-level security permissions as the AFM_USER_GROUP user—the user group setting shipped with the Archibus program. You can then revoke the permissions that are not appropriate for that user.
To do so, make each user a member of the AFM_USER_GROUP database group using Microsoft SQL Server Query Analyzer. Enter the following SQL statements in Query Analyzer and run the script:
EXEC sp_addlogin "newuser",
"newpassword", "master", "English
EXEC sp_defaultdb "newuser", "myproject go use "mroject"
EXEC sp_grantdbaccess "newuser", "newuser"
EXEC sp_addrolemember "newuser", "afm_role" go
Restricting Table Access
If you wish to restrict access, use the database server program’s GRANT and REVOKE commands to establish the exact tables that each user can access. For instance, for a group working on space management, you might give read access to all files, but give write access only to the files that affect space management.