01-06-2021 05:55 PM
Hi,
One of my customers is asking why, when connecting to the OnBase Client, OnBase creates a new user in the DB with the workstation name. Is there any reason for this, or any documentation with the explanation?
Thanks
01-07-2021 07:54 AM
Hi Jimmy.
This doesn't really explain why the workstation object is created. We've disabled workstation account creation and don't appear to have lost any functionality. In that case, it makes me wonder why the feature even exists.
01-07-2021 08:31 AM
The workstation named user has less security access than the administrative HSI account. Once created, the user indirectly logs into the database with less credentials. These logins are created for each workstation for the purpose of tracking license/workstation registrations and are used for future authentications to the database.
When the option is disabled the connections at the database level use the elevated HSI account.
This account in addition to doing selects, updates, inserts and deletes, can also create rows in the database. So from a system administration perspective, it would be more of a common practice to leave this setting unchecked and have more granular control over the environment security.
01-07-2021 08:30 AM
Hi Eric.
If the workstation logins are used for tracking workstation licenses, how are these tracked when the disable workstation registration is used?
01-07-2021 08:39 AM
The data is the same in the database; it is just a question of access to the data. This is about whether the HSI account (excessive rights) is reading it or the Workstation User (less credentials) account is doing so.
01-20-2021 11:48 AM
@Eric Beavers, after re-reading all this great content I would like to confirm, in this statement:
"It is recommended that specific workstation accounts are not created in the database by OnBase, removing the need for the system account to be granted the securityadmin server role."
Is the system account the hsi user? If this is true, where can I find more information about removing the securityadmin server role? Will this have an impact on other features such as OnBase Thick Client?
Do ADO.net connect strings with Integrated Security eliminate the use of the hsi user for database authentication?