How to Grant access to SQL Server instance
In order to use Integrated Security you will need to grant access and specific permissions to the domain account used to connect to the SQL Server Instance.
To make these instructions simpler, we will name the domain account VaultRunner, please adapt to your requirements.
1. Using Microsoft SQL Server Management Studio, right-click on the Security branch and select New - Login.
2. In the dialog, click on Search.
Login - New
3. Change the location to your domain and then select the VaultRunner user account.
Select User or Group
4. In the User Mapping Section, find your database and check the Map checkbox.
5. In the Database role membership, grant the db_datareader role and then click OK to save the login.
Database Role membership
The permissions needed for the VaultRunner account allow for ALL management operations to be performed through the Devolutions Password Server instance.
Some may desire to harden the system. Hardening the system means to disallow certain operations from the Devolutions Password Server instance, which would make using a SQL Server data source, bound to the same database, necessary for these operations. For instance you could decide to not allow to create users through the instance, but only through a direct SQL connection. Please contact us to discuss these scenarios.
Please note that we are reworking these scripts as there are significant changes to the DB structure in the latest releases. These scripts are mandatory in order to give enough permissions to the VaultRunner service account. Contact our support department for instructions specific to your installed version.