Securing the Business Desk Permissions Database
It is strongly recommended that you use Windows Authentication for access to your databases. When you configure your database connection strings for Windows Authentication, you must assign Business Desk users and run-time users (who use an anonymous domain account) the appropriate access to your databases.
To help you secure the Business Desk Permissions database, Commerce Server includes two security scripts: BDReaderRole.sql and BDWriterRole.sql. These scripts are located in the Program Files\Microsoft Commerce Server\Support folder.
These scripts create two roles on the Business Desk Permissions database, and assign the necessary permissions to the tables and stored procedures:
- BDReaderRole. Assign run-time users to this role.
- BDWriterRole. Assign Business Desk users to this role.
To create the BDReaderRole and the BDWriterRole
1. Click Start, point to Programs, point to Microsoft SQL Server, and then click SQL Query Analyzer.
2. In the Connect to SQL Server dialog box, specify the appropriate SQL server.
3. In Query Analyzer, in the database drop-down box, select the Business Desk Permissions database.
4. Click File, and then click Open.
5. Navigate to the scripts located in the Program Files\Microsoft Commerce Server\Support folder, and select BDReaderRole.
   The script opens and the code appears in the Query Analyzer window.
6. On the toolbar, click to run the script against the selected database.
7. Repeat these steps to run the BDWriterRole script.
After you create the roles, assign the anonymous run-time user account and the Business Desk group account to the appropriate roles. For instructions, see Assigning SQL Server Database Roles.
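
The role assignment described above can also be done and checked from Query Analyzer in T-SQL. This is an added example, not part of the Commerce Server scripts or documentation; the database name and both account names are placeholders, and it assumes the SQL Server 2000-era system stored procedures that match Query Analyzer.

```sql
-- Added example. Placeholders to replace with your own values:
--   <BizDeskPermissionsDB>     the Business Desk Permissions database
--   DOMAIN\AnonRuntimeAccount  the anonymous run-time domain account
--   DOMAIN\BizDeskUsers        the Windows group holding Business Desk users
USE [<BizDeskPermissionsDB>]
GO

-- 1. Give each Windows account a SQL Server login (Windows Authentication).
--    Skip an account that already has a login.
EXEC sp_grantlogin N'DOMAIN\AnonRuntimeAccount'
EXEC sp_grantlogin N'DOMAIN\BizDeskUsers'
GO

-- 2. Map each login to a user in this database.
--    Skip an account that is already a user here.
EXEC sp_grantdbaccess N'DOMAIN\AnonRuntimeAccount'
EXEC sp_grantdbaccess N'DOMAIN\BizDeskUsers'
GO

-- 3. Role membership: run-time account -> BDReaderRole,
--    Business Desk group -> BDWriterRole.
EXEC sp_addrolemember N'BDReaderRole', N'DOMAIN\AnonRuntimeAccount'
EXEC sp_addrolemember N'BDWriterRole', N'DOMAIN\BizDeskUsers'
GO

-- 4. Verify membership: each role should list only the account meant for it.
EXEC sp_helprolemember N'BDReaderRole'
EXEC sp_helprolemember N'BDWriterRole'
GO

-- 5. List what each role was actually granted and compare it with the
--    tables on this page: BDReaderRole should show no grant on any object
--    marked "No access".
EXEC sp_helprotect @username = N'BDReaderRole'
EXEC sp_helprotect @username = N'BDWriterRole'
GO

-- 6. Confirm the anonymous run-time account has not picked up a broader
--    role (for example db_owner) alongside BDReaderRole.
EXEC sp_helpuser N'DOMAIN\AnonRuntimeAccount'
GO
```

Steps 4 through 6 only read metadata, so they can be rerun after any later change to role membership.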
The scripts create the roles and grant permissions on the following Permission tables and stored procedures.
| Table | BDReaderRole (Run-time users) | BDWriterRole (Business Desk users) |
|---|---|---|
|  | No access | Select, Update, Insert, Delete |
|  | No access | Select, Update, Insert, Delete |
Permissions Stored Procedures
The Business Desk security scripts grant permissions on the following stored procedures.
| Stored Procedure | BDReaderRole (Run-time users) | BDWriterRole (Business Desk users) |
|---|---|---|
|  | No access | Yes |
|  | No access | Yes |
|  | No access | Yes |
|  | No access | Yes |
|  | No access | Yes |
|  | No access | Yes |
|  | No access | Yes |
|  | No access | Yes |
|  | No access | Yes |
Copyright © 2005 Microsoft Corporation.
All rights reserved.