Workstation created as user in DB

Carlos_Arroyo
Champ in-the-making

Hi,

One of my customers is asking why, when connecting to the OnBase Client, OnBase creates a new user in the DB with the workstation name. Is there any reason for this, or any documentation with the explanation?

Thanks

10 REPLIES

Roger_Linhart
Elite Collaborator

Hi Jimmy.

This doesn't really explain why the workstation object is created. We've disabled workstation account creation and don't appear to have lost any functionality. In that case, it makes me wonder why the feature even exists.

The workstation named user has less security access than the administrative HSI account. Once created, the user indirectly logs into the database with less credentials. These logins are created for each workstation for the purpose of tracking license/workstation registrations and are used for future authentications to the database.

When the option is disabled the connections at the database level use the elevated HSI account.

This account in addition to doing selects, updates, inserts and deletes, can also create rows in the database. So from a system administration perspective, it would be more of a common practice to leave this setting unchecked and have more granular control over the environment security.

Roger_Linhart
Elite Collaborator

Hi Eric.

If the workstation logins are used for tracking workstation licenses, how are these tracked when the disable workstation registration is used?

The data is the same in the database; it is just a question of access to the data. This is about whether the HSI account (excessive rights) is reading it or the Workstation User (less credentials) account is doing so.

Roger_Linhart
Elite Collaborator

@Eric Beavers, after re-reading all this great content I would like to confirm, in this statement:

It is recommended that specific workstation accounts are not created in the database by OnBase, removing the need for the system account to be granted the securityadmin server role.

Is the system account the hsi user? If this is true, where can I find more information about removing the securityadmin server role? Will this have an impact on other features such as OnBase Thick Client?

Do ADO.NET connect strings with Integrated Security eliminate the use of the hsi user for database authentication?