This section describes SQL security needed for MoversSuite and Microsoft Dynamics GP users.
NOTE: If MoversSuite Administration is loaded on the same server as SQL, then the application pool identity account will need the MssExec role on MoversSuite2 database and the MssGPExec roll on the company-specific Dynamics GP database.
NOTE: If MoversSuite Administration or the MoversSuite queuing service is ran on machine other than the SQL server, then the machine account will need the MssExec role on MoversSuite2 database and the MssGPExec roll on the company-specific Dynamics GP database.
SQL Security for MoversSuite Users
MoversSuite integrates with Windows Authentication
protocol to validate transactions through an SQL server.
This protocol requires MoversSuite users to have domain accounts set with the following roles:
§ MoversSuite users will need to have the following roles on the MoversSuite2 database:
MssExec
public
§ MoversSuite users and the MssAPI service users will need to have the following roles on the company-specific Microsoft Dynamics GP database:
MssGPExec
public
NOTE: MssAPI service users need MssGPExec rights for importing payments through the CSV Import.
Assign roles to individual domain user accounts or domain groups. The following procedure describes the process of setting these roles to a new domain user/group for MoversSuite:
Step |
Description |
1 |
Open the Microsoft SQL Server Management application. |
2 |
Open a connection to the server hosting MoversSuite using the Connect > Database Server option, which opens the Connect to Server window. |
3 |
Select the Server name and appropriate authentication and press Connect to open. |
4 |
Expand the Security folder and then expand the Logins folder. |
5 |
Right-click on Logins and choose New Login.
Figure 25: New Login option
This will open the Login – New screen. |
6 |
Enter the name of the domain user/group in the Login name field. Note: Keep the default settings for other fields on the General page. |
7 |
Click on the User Mapping link (under Select a page) to accessing the login to role mapping page. |
Set roles for this user for the MoversSuite2 database | |
8 |
In the “Users mapped to this login” section, select the MoversSuite2 database for the user by placing a check () in the Map column.
Figure 26: Users mapped to this login section
|
|
Map roles to the login by selecting MssExec and public within the “Database role membership for” section.
Figure 27: Database role membership for section
|
Set roles for this user for the company-specific Dynamics GP database | |
9 |
In the Users mapped to this login section, select the company-specific Dynamics GP database for the user by placing a check () in the Map column.
Figure 28: Users mapped to this login section
|
10 |
Map roles to the login by selecting MssGPExec and public within the “Database role membership for” section.
Figure 29: Database role membership for section
|
|
Press OK to save the new domain user/group. |
SQL Security for Microsoft Dynamics GP Users
Dynamics GP user accounts are created from within Microsoft Dynamics GP. Microsoft Dynamics GP creates a corresponding SQL user account. These SQL user accounts will need the following roles:
§ Dynamics GP users will need to have the following roles on the MoversSuite2 database:
MssExec
Public
§ Dynamics GP users will need to have the following roles on the Dynamics database as well as any company-specific Dynamics GP database:
DYNGRP
public
The following procedure instructs a user on assigning roles through Microsoft SQL Server Management:
Step |
Description |
1 |
Open the Microsoft SQL Server Management application. |
2 |
Open a connection to the server hosting MoversSuite using the Connect > Database Server option, which opens the Connect to Server window. |
3 |
Select the Server name and appropriate authentication and press Connect to open. |
4 |
Expand the Security folder and then expand the Logins folder. |
5 |
Locate appropriate domain users and choose Properties from the right-click option. This opens the Login Properties window.
Figure 30: Right-click options from Logins entries
|
6 |
From Login Properties, select User Mappings from the Select a page menu. |
7 |
In the “Users mapped to this login” section, select the MoversSuite2 database for the user by placing a check () in the Map column.
Figure 31: Users mapped to this login section
|
8 |
Map roles to the login by selecting MssExec and public within the “Database role membership for” section.
Figure 32: Database role membership section
|
9 |
Repeat Steps 7 and 8 for the Dynamics database and the company-specific Dynamics GP database but setting the DYNGRP role for each instead of MssExec.
Figure 33: User Mappings page
|
9 |
Press OK to keep the changes and to close the Login Properties screen. |