Please enable JavaScript to view this site.

How to Grant access to SQL Server instance

Description

In order to use Integrated Security you will need to grant access and specific permissions to the domain account used to connect to the SQL Server Instance.

Steps

To make these instructions simpler, we will name the domain account VaultRunner, please adapt to your requirements.

1. Using Microsoft SQL Server Management Studio, right-click on the Security branch and select New - Login.

MSSQL

MSSQL

2. In the dialog, click on Search.

Login - New

Login - New

3. Change the location to your domain and then select the VaultRunner user account.

Select User or Group

Select User or Group

4. In the User Mapping Section, find your database and check the Map checkbox.

User Mapping

User Mapping

5. In the Database role membership, grant the db_datareader role and then click OK to save the login.

Database Role membership

Database Role membership

Permissions

The permissions needed for the VaultRunner account allow for ALL management operations to be performed through the Devolutions Password Server instance.

Some may desire to harden the system. Hardening the system means to disallow certain operations from the Devolutions Password Server instance, which would make using a SQL Server data source, bound to the same database, necessary for these operations. For instance you could decide to not allow to create users through the instance, but only through a direct SQL connection. Please contact us to discuss these scenarios.

BadgeCaution48x48

Please note that we are reworking these scripts as there are significant changes to the DB structure in the latest releases. These scripts are mandatory in order to give enough permissions to the VaultRunner service account. Contact our support department for instructions specific to your installed version.