1. Accounts of ObjectGears system

    Article: AN0001829Updated: 21.04.2020

    This chapter describes access righs necessary for technical accounts of ObjectGears system.


    Component Account
    Administration It is defined in connection string in the configuration. It requires db_owner.
    Piklo It does not have its own account.
    Web Technical account 1
    WinService Technical account 2

    Technical account 1

    We recommend to use an account with a lower access rights in Windows system for the web part of the ObjectGears system.

    • Member of group IIS_IUSRS.
    • Access rights to ObjectGears database on level db_owner.
    • Access rights on file system:
      • Read and execute on folder Web in ObjectGears installation.

    Technical account 2

    • Member of group Users.
    • Permissions to ObjectGears database on: db_owner.
    • Permissions on file system:
      • Read and execute on folder WinService in ObjectGears installation.
      • Read and execute, Modify and Write on folder Piklo in ObjectGears installation.
    • Read and write permissions to registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog. Write to the registry is needed just for the first start of the service start. This can be performed by a local administrator account. Then the service can run under an account that has just Read permissions to registries.
    • Log on as a service.