Controlling permission to update the collection database

  • Article

Applies To: Forefront Client Security

The following user roles require permission to update the collection database, which is called the OnePoint database in SQL Server:

  • Policy Author

  • Policy Deployer

To grant the SQL Server permissions necessary to update the OnePoint database

  1. Using an account that has administrator privileges in SQL Server 2005, log on to the collection server.

  2. Open SQL Server Management Studio and connect to the collection database.

  3. Under Object Explorer, open Security, right-click Logins, and click New Login.

  4. In the Login name box, type the name of the user or group who should have access to the Client Security console.

  5. Under Select a page, click User Mapping.

  6. Under Map, select the OnePoint check box, and then under Database role membership for this database, select the db_owner and public check boxes, and then click OK.

To revoke the SQL Server permissions necessary to update the OnePoint database

  1. Using an account that has administrator privileges in SQL Server 2005, log on to the collection server.

  2. Open SQL Server Management Studio and connect to the collection database.

  3. Under Object Explorer, open Security, and then open Logins.

  4. Right-click the user or group whose permission you want to revoke, and then click Delete.

  5. On the Delete Object message, click OK, and then on the confirmation message, click OK.