1. Accounts of ObjectGears system

    Artikel: AN0001829Aktualisiert: 21.04.2020
    Die vorgegebene Sprachenversion vom Artikeltext wird angezeigt, weil es kein Text von der ausgewählten Sprache und Version gibt.

    This chapter describes access righs necessary for technical accounts of ObjectGears system.


    Component Account
    Administration It is defined in connection string in the configuration. It requires db_owner.
    Piklo It does not have its own account.
    Web Technical account 1
    WinService Technical account 2

    Technical account 1

    We recommend to use an account with a lower access rights in Windows system for the web part of the ObjectGears system.

    • Member of group IIS_IUSRS.
    • Access rights to ObjectGears database on level db_owner.
    • Access rights on file system:
      • Read and execute on folder Web in ObjectGears installation.

    Technical account 2

    • Member of group Users.
    • Permissions to ObjectGears database on: db_owner.
    • Permissions on file system:
      • Read and execute on folder WinService in ObjectGears installation.
      • Read and execute, Modify and Write on folder Piklo in ObjectGears installation.
    • Read and write permissions to registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog. Write to the registry is needed just for the first start of the service start. This can be performed by a local administrator account. Then the service can run under an account that has just Read permissions to registries.
    • Log on as a service.