OnBase 16 - SQL 2016 Cluster - hsi permission levels for server role / db role

Not applicable

Hi Everyone

We recently had our Production, Dev and QA databases migrated to a SQL Server 2016 Cluster. We are currently experiencing an issue with regard to the granting of the requisite server roles for hsi in that our DBA is reluctant to provide server roles due to the potential security risks associated with granting this level of permission to the server (OnBase DB has been added to the cluster which is shared with a few core systems that contain confidential information).

In light of this we are unable to create users (it appears that a stored procedure is called to create the user on login to the application).

My question is, is there a way to get around this? Setting up hsi at server role level is unfortunately out of the question in light of the security risk posed above. We have tested with hsi being granted dbowner at database level but have had no luck.

Thanks in advance for any assistance.

1 ACCEPTED ANSWER

Ryan_Coyne
Confirmed Champ

Hi Daurel,

The workaround you are looking for would be the "Disable Workstation Account Creation" option, found in the Security tab of Global Client Settings in OnBase Configuration. Enabling this setting will stop any workstation logins being created day-forward on SQL Server, and instead all OnBase authentication and database activity will happen through the hsi/hsinet/hsicore/viewer logins for OnBase 17 and earlier. OnBase 18 introduced the ability to use a service account of your choosing for most Core-based modules.

If the "Disable Workstation Account Creation" checkbox is enabled, you can then revoke the server role of securityadmin from the hsi SQL Server login.  For OnBase 17 and earlier, the hsi account will still need the db_owner database role, but only for the OnBase database.

If you haven't already, you can read more about the database security requirements for OnBase databases in the Database Reference Guides below.  Note that there are two security designs now, one for OnBase 17 and earlier and another for 18 and later:

OnBase 17 and earlier Database Reference Guide: https://community.hyland.com/gallery/items/53203-database-reference-guide

OnBase 18 and later Database Reference Guide: https://community.hyland.com/gallery/items/66647-database-reference-guide-onbase-18-module-reference...
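
The role change described in the answer above, written out as T-SQL a DBA could run on the shared instance. This is an added example, not part of the original post or Hyland's documentation; the database name `[OnBase]` is a placeholder, and it assumes "Disable Workstation Account Creation" has already been enabled.

```sql
-- Added example. [OnBase] is a placeholder database name; run as a DBA
-- after "Disable Workstation Account Creation" is enabled in OnBase Configuration.

-- 1. List every server role held by the OnBase logins named in the answer,
--    so nothing beyond the expected membership goes unnoticed.
SELECT m.name AS login_name, r.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE m.name IN (N'hsi', N'hsinet', N'hsicore', N'viewer');

-- 2. Remove hsi from securityadmin only if it is currently a member.
IF IS_SRVROLEMEMBER(N'securityadmin', N'hsi') = 1
    ALTER SERVER ROLE securityadmin DROP MEMBER hsi;

-- 3. Confirm the result: 0 = not a member, 1 = still a member,
--    NULL = login or role not found (or not visible to the caller).
SELECT IS_SRVROLEMEMBER(N'securityadmin', N'hsi') AS hsi_is_securityadmin;

-- 4. Inside the OnBase database, confirm hsi still holds db_owner
--    (required for OnBase 17 and earlier). Matching on SID rather than
--    name covers the case where the database user is named differently.
USE [OnBase];

SELECT u.name AS db_user, r.name AS db_role
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = drm.member_principal_id
WHERE u.sid = SUSER_SID(N'hsi');
```

Running the step 4 query in each of the other databases on the cluster should return no rows for hsi, which confirms the db_owner grant is limited to the OnBase database.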

2 REPLIES 2

Not applicable

Hi Ryan

Thank you for the prompt response. I will give this a bash.