Export (0) Print
Expand All

Database Permissions

Microsoft Provisioning Framework (MPF) has four types of Microsoft SQL Server databases:

  • MPFAudit - This is the audit log database that stores historical transaction data for performance analysis and other reporting purposes.

  • MPFConfig - This is the configuration database that stores run-time properties for provisioning components, namespace definitions for providers and procedures, and user credentials.

  • MPFTranLogData - This is the transaction log database that stores the current state of all executing transactions running in provisioning engines.

  • ResourceManager - This is the Resource Manager database that stores resource management configuration data for resources and consumers, as well as transaction handling data.

In SQL Server, permissions to select (read) and write to database tables and stored procedures is granted by role. Databases typically have multiple roles to support users with different sets of access permissions. To access an MPF database, the calling user must satisfy two conditions:

  • The user must be a member of a group assigned to a database role.

  • The role must have permission to access the necessary tables and stored procedures.

Groups are assigned to roles using SQL Server Enterprise Manager. The following table lists the default MPF database roles, the databases with which they are associated, and the groups assigned to the role. Using Enterprise Manager, however, you can change the roles for a database as well as the members and permissions for a role.

Table: Default MPF Database Roles, Databases, and Groups

RolesDatabasesPermissionsGroups

MPFAdminRole

All

Full permissions to all tables and stored procedures

MPFAdmins

MPFAuditorRole

MPFAudit

Read (select) access to audit data

MPFAuditors

MPFServiceRole

All

Write access to the MPFAudit and MPFTranLogData database and read access to MPFConfig to fetch stored procedures

Dd278655.note(en-us,TechNet.10).gifNote
To successfully execute the Custom Audit::Audit procedure against MPFAudit, MPFServiceRole must have write permissions for any tables and stored procedures updated by the SQL commands.

MPFServiceAccts

MPFClientRole

MPFConfig

Read access to client properties.

MPFClientAccts

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft