Securing the Business Desk Permissions Database

It is strongly recommended that you use Windows Authentication for access to your databases. When you configure your database connection strings for Windows Authentication, you must assign Business Desk users and runtime users (who use an anonymous domain account) the appropriate access to your databases.

To help you secure the Business Desk Permissions database, Commerce Server includes two security scripts: BDReaderRole.sql and BDWriterRole.sql. These scripts are located in the Program Files\Microsoft Commerce Server\Support folder.

These scripts create two roles on the Business Desk Permissions database, and assign the necessary permissions to the tables and stored procedures:

  • BDReaderRole. Assign run-time users to this role.
  • BDWriterRole. Assign Business Desk users to this role.

To create the BDReaderRole and the BDWriterRole

  1. Click Start, point to Programs, point to Microsoft SQL Server, and then click SQL Query Analyzer.

  2. In the Connect to SQL Server dialog box, specify the appropriate SQL server.

  3. In Query Analyzer, in the database drop-down box, select the Business Desk Permissions database.

  4. Click File, and then click Open.

  5. Navigate to the scripts located in the Program Files\Microsoft Commerce Server\Support folder, and select BDReaderRole.

    The script opens and the code appears in the Query Analyzer window.

  6. On the toolbar, click Run to run the script against the selected database.

  7. Repeat these steps to run the BDWriterRole script.

  8. After you create the roles, assign the anonymous run-time user account and the Business Desk group account to the appropriate roles. For instructions, see Assigning SQL Server Database Roles.

The scripts create the roles and grant permissions on the following Permission tables and stored procedures.

Table                    BDReaderRole         BDWriterRole
                         (Run-time users)     (Business Desk users)
BDSecurityDefinition     No access            Select, Update, Insert, Delete
BDSecurityIdentifiers    No access            Select, Update, Insert, Delete

Permissions Stored Procedures

The Business Desk security scripts grant permissions on the following stored procedures.

Stored Procedure                BDReaderRole         BDWriterRole
                                (Run-time users)     (Business Desk users)
sp_AddAccount                   No access            Yes
sp_AddSIDsToTempTable           No access            Yes
sp_GetAccounts                  No access            Yes
sp_GetAccountsForRight          No access            Yes
sp_GetPermissions               No access            Yes
sp_GetUID                       No access            Yes
sp_RemoveAccount                No access            Yes
sp_RemoveSecurityDefinitions    No access            Yes
sp_SetPermissions               No access            Yes
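
After running both scripts and assigning accounts, you can check the result against the two tables above. The following T-SQL is an added example, not one of the Commerce Server scripts; it assumes the role and object names exactly as listed on this page and reads the SQL Server system tables sysprotects, sysusers, and sysobjects. The temporary table names and the MISSING/UNEXPECTED labels are illustrative.

```sql
-- Added example (not a Commerce Server script). Run in the Business Desk Permissions database.
SET NOCOUNT ON

-- Expected grants, copied from the two tables on this page.
CREATE TABLE #expected (role_name   sysname     COLLATE database_default,
                        object_name sysname     COLLATE database_default,
                        action_name varchar(10) COLLATE database_default)

INSERT #expected
SELECT 'BDWriterRole', t.n, a.n
FROM (SELECT 'BDSecurityDefinition' AS n UNION ALL SELECT 'BDSecurityIdentifiers') t
CROSS JOIN (SELECT 'SELECT' AS n UNION ALL SELECT 'UPDATE'
            UNION ALL SELECT 'INSERT' UNION ALL SELECT 'DELETE') a

INSERT #expected
SELECT 'BDWriterRole', p.n, 'EXECUTE'
FROM (SELECT 'sp_AddAccount' AS n UNION ALL SELECT 'sp_AddSIDsToTempTable'
      UNION ALL SELECT 'sp_GetAccounts' UNION ALL SELECT 'sp_GetAccountsForRight'
      UNION ALL SELECT 'sp_GetPermissions' UNION ALL SELECT 'sp_GetUID'
      UNION ALL SELECT 'sp_RemoveAccount' UNION ALL SELECT 'sp_RemoveSecurityDefinitions'
      UNION ALL SELECT 'sp_SetPermissions') p

-- Actual grants to either role on those objects (204 = GRANT WITH GRANT, 205 = GRANT).
SELECT DISTINCT u.name AS role_name, o.name AS object_name,
       CASE p.action WHEN 193 THEN 'SELECT' WHEN 195 THEN 'INSERT'
                     WHEN 196 THEN 'DELETE' WHEN 197 THEN 'UPDATE'
                     WHEN 224 THEN 'EXECUTE' ELSE CAST(p.action AS varchar(10)) END AS action_name
INTO #actual
FROM sysprotects p
JOIN sysusers u ON u.uid = p.uid
JOIN sysobjects o ON o.id = p.id
WHERE u.name IN ('BDReaderRole', 'BDWriterRole')
  AND p.protecttype IN (204, 205)
  AND o.name IN (SELECT object_name FROM #expected)

-- MISSING = documented grant absent; UNEXPECTED = grant the page does not list
-- (any BDReaderRole row lands here, since the page shows "No access").
SELECT 'MISSING' AS finding, e.* FROM #expected e
WHERE NOT EXISTS (SELECT * FROM #actual a WHERE a.role_name = e.role_name
                  AND a.object_name = e.object_name AND a.action_name = e.action_name)
UNION ALL
SELECT 'UNEXPECTED', a.* FROM #actual a
WHERE NOT EXISTS (SELECT * FROM #expected e WHERE e.role_name = a.role_name
                  AND e.object_name = a.object_name AND e.action_name = a.action_name)

-- Role membership: confirm only the intended accounts hold each role.
EXEC sp_helprolemember 'BDReaderRole'
EXEC sp_helprolemember 'BDWriterRole'
DROP TABLE #expected, #actual
```

An empty first result set means the grants on the listed objects match this page; the two membership listings should show only the anonymous run-time account under BDReaderRole and the Business Desk group account under BDWriterRole.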

Copyright © 2005 Microsoft Corporation.
All rights reserved.