SQL Server 2000 and AccuMark

7/29/2019 SQL Server 2000 and AccuMark

1/18

Page 1 of 18

1

Management of AccuMark Data storageusing MS-SQL-2000 Server

This document illustrates how Microsoft SQL-Server2000 can be used withAccuMark Family Professional Edition software (MSDE/SQL is not supported onAccuMark Advanced Edition)to allow AccuMark users to create storage areasand to access them.

While all permissions below can be defined for single users, it is highlysuggested to define a Group of users to reduce administrative workload. Theexample below defines only one User Group, giving all users the same access toall storage areas. Using the same procedure to define multiple User Groupsassigning different access permissions for users or for storage areas.

On most networks AccuMark users will be defined as standard Users (with noAdministration rights). By default, such users are not able to create newdatabases on an SQL-server 2000 (databases are where the AccuMark storagearea data is stored).

User and Group ManagementA user account is a collection of information that tells Windows which user rightsand access permissions a user has on a computer. A group is a collection of useraccounts, computers, contacts or other user groups. By adding a user account toa group, you can avoid having to grant the same access and permission to manydifferent users one by one. Members of a group can make the same types ofchanges to settings and have the same access to folders, printers, and othernetwork services.

Many companies use network domains and have an IT department that will bethe ones who have the ability to create groups and users. The instructions belowwill describe how to set up groups and users for access to AccuMark storageareas. The person creating the groups and users must have administrativepermissions.

These sections describe how to create groups and assign users to these groupson Windows XP and Windows Vista systems. It assumes the users already existon this system or a domain server and can be accessed from this server.

You must create the User Groups first and then specify in SQL Server where andhow these users and groups will have access to the AccuMark data.


2/18

Page 2 of 18

2

The User Group will need to be created on the server that will has SQL Serverinstalled for access to the storage areas on that server. The process belowdescribes how to create on the server in User Management a User Groupcontaining all AccuMark users

NOTE: the instructions below show how to create user groups for Windows XP

and Windows Vista (Windows 2000 will no longer be supported for use withAccuMark starting with version 8.3). MSDE and SQL Server 2000 can be usedon Windows XP, however MSDE is not supported on Vista. For information onusing Windows XP or Vista and SQL 2005 Server or Express, please refer to thedocument SQL Server 2005 and AccuMark.doc

Creating User Groups on Windows XP:These instructions are based on using the Category View.

Select Start, Control Panel. Select User Accounts from the Category

Select user Accounts from the Control Panel icon section In the Users Accounts dialog, select the Advanced tab and then the

Advanced button


3/18

Page 3 of 18

3

Highlight the Groups entry in the left window.

Place the mouse in the right side of the window pane, right-click and selectNew Group

Type in the name of the newgroup. In this example, theUserGroup is called AM-SQL-Users.

Enter an optional description

Select the Add button


4/18

Page 4 of 18

4

From the From this location drop-down list select the Locations button toaccess the server or domain where the users you would like to add to the AM-SQL-Users group exist.

Select the Advancedbutton.

Select the Find Nowbutton to get a list ofuser names from thislocation.

Highlight one or more users and select the OK Button (use the ctrl or shiftkeys to select morethan one).


5/18

Page 5 of 18

5

The user name(s) will appear in the window.

You can chooseanother domain to add additional users or select Ok to finish.

Select the Create button to complete the creation of this new group. Select close to close the dialog windows. The new group should now appear

in the list for Local Users and Groups.

Creating User Groups on Windows Vista:

Note : These steps cannot be completed on Windows Vista Starter,Windows Vista Home Basic, and Windows Vista Home Premium.

1. Click to open Microsoft Management Console. If you are prompted foran administrator password or confirmation, type the password or provideconfirmation.

2. In the left pane of Microsoft Management Console, click Local Users andGroups.

If you don't see Local Users and Groups

If you don't see Local Users and Groups, it's probably because thatsnap-in has not been added to Microsoft Management Console.Follow these steps to install it:

1. In Microsoft Management Console, click the File menu, and thenclick Add/Remove Snap-in.

2. Click Local Users and Groups, and then click Add.

3. Click Local computer, and then click Finish.


6/18

Page 6 of 18

6

4. Click OK.

3. Double-click the Groups folder.

4. Right-click the group you want to add the user account to, and then clickAdd to Group.

5. Click Add, and then type the name of the user account.

6. Click Check Names, and then click OK.

Note: To help make your computer more secure, add a user to theAdministrators group only if it is absolutely necessary. Users in theAdministrators group have complete control of the computer. They can seeeveryone's files, change anyone's password, and install any software they want.

SQL Server User Management Setting Permissions for the Groups

Define the Login for the AccuMark UserGroup in SQL Server Enterprise Manager

On the server, open Microsoft SQL Server Enterprise Manager,

Open in the Tree-windows (left side) the tree until you get to the SQL serverthat will contain the AccuMark storage areas (in this example:WEBPDMSPEC_BNL),

Open the local SQL server to getthe display of associated entrieslike Databases, Security,..

Open the Security item to getLogins displayed.

Right-click on Logins and selectto create a New Login:


7/18

Page 7 of 18

7

On the tab General, define the name by selecting via the lookup-button the

UserGroup.

Select the tab : ServerRoles:

Select (place checkmark) on Database Creators

Save the new Login (OK button).

The new Login will be listed in theright window.

Accumark users are now able tocreate new storage areas using thisSQL-server.

However, only the creator of thedatabase will have access to thestorage area.


8/18

Page 8 of 18

8

Setting Group Access Permission to AccuMark Storage Areas

To allow other users access to a storage area on SQL-server, you need to giveAccess-permisison .There are 2 possibilities to define access for AccuMark Users :

1) Allow all users to access all databases = storage areas

SQL-server 2000 allows to pre-define configuration values in the databasemodel (never delete this database ), which is used as a template to create newdatabases, which is equivalent to a new storage area.

This method can be used for SQL-servers, which are used only to storeAccuMark data. If the customer is using the SQL-server also to store other data ,then this method should not be used, since it will cause a security issue for thenon-Accumark databases (please discuss this issue with the IT personal of the

customer )

Note : it is required to define this before new storage areas are created !Note : Users creating new storage areas are required to have MSDE orSQL-Express installed on their systems (see below)

To configure default access to new Accumarkstorage areas :

Use SQL-server 2000 Enterprise Manager,expand your SQL-server

Expand Databases,

Expand the database model, expand Users Right-click on Users and select New

Database User

Use the dropdown to select the User Group ofAccuMark users.


9/18

Page 9 of 18

9

As Database role membership, please select (by placing a check-mark):- Public (should already be selected by default)- db_datareader- db_datewriter

Click OK to save thisinformation.

All members of the AccumarkUsergroup have now immediatelyaccess to any newly createddatabase = storage area.

2) Manual assignment of access to all storage areas

In cases where the customer can not allow to grant automatically access for allAccumark users to all new databases = Accumark storage areas (because theSQL-server is either used also to store other non-Accumark data or if thecustomer like to assign different access rights for storage areas for users bydefining multiple Accumark usergroups ), then the User Administration of SQL-server 2000 can be used.

Note :The storage area must first be created from an Accumarkworkstation, before Access permisisons can be assigned !Note : Users creating new storage areas are required to have MSDE or

SQL-Express installed on their systems (see below)

To define the access to the storage areas, display the Login for the AccuMarkusers group (in this example : Am-SQL-Users) under Security Logins (by adouble-click or Properties from the toolbar) :

tab : Database Access:


10/18

Page 10 of 18

10

Select in the upper list the databases containing storage areas ( which must firsthave been created from an AccuMark workstation ) to be accessible by thisusergroup by placing a checkmark.

For EACH of these databases that will be used as AccuMark storage areas, youmust select in the lower list as Database Role db_datawriter and

db_datereader to allow the AccuMark applications to work with this storagearea, by placing a check-mark on its entry

NOTE: if you select only db_datareader but not db_datawriter, then you havea read-only storage area, where users can view and read data, but are not ableto update data or store new data.

UserPerm DatabaseThe UserPerm database allows the AccuMark administrator to assign furtherpermissions on a data item level. Thus the users must be granted db_datareader

and db_datawriter rights to this UserPerm database so the AccuMarkapplications can read and write these extended permissions. For more details onrestricting access on a data item level, see the document Read-WriteControls.pdf

Select the UserPerm entry in the Database Access window and enable thedb_datareader and db_datawriter permissions in the Database roles window.


11/18

Page 11 of 18

11

CAD Relational DatabaseIf you are using a CAD Relational Database (RDBMS) then db_datareader anddb_datawriter permissions must be granted as well. Grant the Executepermission in order to be able to run the stored procedures that are used for theRDBMS.

Other permissions may be needed when using the CAD relational database forWebPDM. Contact your WebPDM administrator for assistance.

Granting Execute Permission to the CAD Relational Database

Note: the CAD Relational database (RDBMS) must be named WebPDM whenpopulating data for access by WebPDM applications. Otherwise the name for theRDBMS needs to conform to the same rules as for AccuMark storage areanames.

Open the SQL Server Enterprise Manager. Permission must be granted on eachof the stored procedures that are used for AccuMark Family applications. The listbelow in the pictures reflects the currently used stored procedures for AccuMarkFamily V8.3.0. Other procedures may be added as needed by AccuMarkhotfixes, service packs or later releases. The CAD relational database used inthese examples is called rdbms.

Method 1: Use the stored procedure to set permission to the group. Opendatabase rdbms and double-click Stored Procedures to display a list of allstored procedures.


12/18

Page 12 of 18

12

Repeat for all AccuMark Family stored procedures:

Select the first stored procedure (i.e. pGerCADCatID) and right-click and selectproperties.

Select the Permissions button


13/18

Page 13 of 18

13

Select the user or group to grant permission to. Then enable by checking on theEXEC execute checkbox.

Select OKContinue to grant the execute permission to each of the AccuMark Family storedprocedures.

Method 2: Use the group or user to set the permission for the stored procedure.Open database rdbms and double-click Users to display a list of all users andgroups.


14/18

Page 14 of 18

14

Select the group or user to apply permissions to. Right-click and selectProperties.

Select the Properties button


15/18

Page 15 of 18

15

Enable by clicking on the EXEC column for each of the AccuMark Family storedprocedures.Select OK to finish.


16/18

Page 16 of 18

16

Users creating new storage areas are required to have MSDE or SQL-Express installed on their systems

When creating via Accumark Explorer a new storage area using SQL-server :

a script is processed to create the required tables inside the SQL-serverdatabase and to define the default Accumark data items :


17/18

Page 17 of 18

17

This requires on the systems creating the storage area the MSDE or SQL-Express to be installed.

Attempting to create a storage area on a system without MSDE or SQL-Expresswill result into an error message (Error 1027), a database is created but not

usable for Accumar data storage :

Note : MSDE or SQL-Express are only required to be installed on the systems

creating a storage area, it is not required to have the database execute on suchsystems.

To reduce workload on such systems, it is suggested to stop the databaseengine and to avoid future start-ups on local systems :- double-click on the SQL-symbol in the taskbar- Select Stop if the database engine is still running- un-check Auto-start service when OS starts- Close the SQL-Server Service Manager window


18/18

Page 18 of 18

18

Note : there is no need to install MSDE or SQL-Express on Accumark systsemsaccessing such SQL-based storage areas .

Documents

SQL Server 2000 and AccuMark