Article: AN0001829Updated: 21.04.2020
This chapter describes access righs necessary for technical accounts of ObjectGears system.
| Component |
Account |
| Administration |
It is defined in connection string in the configuration. It requires db_owner. |
| Piklo |
It does not have its own account. |
| Web |
Technical account 1 |
| WinService |
Technical account 2 |
Technical account 1
We recommend to use an account with a lower access rights in Windows system for the web part of the ObjectGears system.
- Member of group IIS_IUSRS.
- Access rights to ObjectGears database on level db_owner.
- Access rights on file system:
- Read and execute on folder Web in ObjectGears installation.
Technical account 2
- Member of group Users.
- Permissions to ObjectGears database on: db_owner.
- Permissions on file system:
- Read and execute on folder WinService in ObjectGears installation.
- Read and execute, Modify and Write on folder Piklo in ObjectGears installation.
- Read and write permissions to registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog. Write to the registry is needed just for the first start of the service start. This can be performed by a local administrator account. Then the service can run under an account that has just Read permissions to registries.
- Log on as a service.