Online Help > Support/Resources > Knowledge Base > Configure Devolutions Password Server to use integrated security

How to Grant access to SQL Server instance

Description

 

In order to use Integrated Security you will need to grant access and specific permissions to the domain account used to connect to the SQL Server Instance.

 

Steps

 

To make these instructions simpler, we will name the domain account RDMRunner, please adapt to your requirements.

 

1. Using Microsoft SQL Server Management Studio, right-click on the Security branch and select New - Login.

 

MSSQL

MSSQL

 

2. In the dialog, click on Search.

 

Login - New

Login - New

 

3. Change the location to your domain and then select the RDMRunner user account.

 

Select User or Group

Select User or Group

 

4. In the User Mapping Section, find your database and check the Map checkbox.

 

User Mapping

User Mapping

 

5. In the Database role membership, grant the db_datareader role and then click OK to save the login.

 

Database role membership

Database role membership

 

Permissions

 

The permissions needed for the RDMRunner account allow for ALL management operations to be performed through the Devolutions Password Server instance.

 

Some may desire to harden the system. Hardening the system means to disallow certain operations from the Devolutions Password Server instance, which would make using a SQL Server data source, bound to the same database, necessary for these operations.  For instance you could decide to not allow to create users through the instance, but only through a direct SQL connection.  Please contact us to discuss these scenarios.

 

BadgeCaution48x48

Please note that we are reworking these scripts as there are significant changes to the DB structure in the latest releases. These scripts are mandatory in order to give enough permissions to the RDMRunner service account. Contact our support department for instructions specific to your installed version.