What Database Access Permissions Must You Grant to CSS Authentication Accounts?

You must grant database access permissions to specific accounts to support staging of business data projects. Business data projects export data from the SQL Server database associated with the source staging server and import data into the SQL Server database associated with the endpoint. For information about the staging accounts that require access to the SQL Server databases and the access permissions you must grant to these accounts, see the following sections:

  • Accounts That Require Database Access

  • Commerce Server Database Role Mappings for Staging Accounts

For information about how to create SQL Server login accounts and assign user mappings to the accounts, see How to Grant Staging Accounts Access to the Databases.

Accounts That Require Database Access

The following table summarizes the accounts that require access to SQL Server databases:

| Accounts | Location of account | Database access |
|---|---|---|
| CSS service account | Source staging server | Source SQL Server database |
| CSS service account | Endpoint | Endpoint SQL Server database |
| CSS Administrators and CSS Operators groups | Staging server or server from which CSS is administered | Source SQL Server database |
| Users who are assigned an Administrator or Operator role for a project | Staging server or server from which CSS is administered | Source SQL Server database |

You use CSS service accounts to export and import business data. The source CSS service account must have read access to the databases from which it will export data. Similarly, the CSS service account running on the endpoint requires write access to the databases to which it will import data.

The CSS Administrators and CSS Operators groups require read access to catalog data in order to view the catalogs available for export. In addition, users who are assigned an administrator or operator role for a business data project require the same read access permissions. These permissions must be set only on the source SQL Server database.

Commerce Server Database Role Mappings for Staging Accounts

Role mapping assignments are provided for the following two categories of staging accounts that require access to Commerce Server 2009 R2 databases:

  • CSS Service Account

  • CSS Administrators, CSS Operators, and Project-Level User Accounts

CSS Service Account Role Mapping Assignments

The following table lists the role mapping assignments you should make to CSS service accounts.

| Database | SQL Server 2008 roles |
|---|---|
| MSCS_Admin | admin_reader_role |
| MSCS_CatalogScratch | db_datareader, db_datawriter, db_ddladmin |
| <site_name>_Marketing | db_ddladmin, mktg_staging_role |
| <site_name>_MarketingLists | db_datareader |
| <site_name>_ProductCatalog | ctlg_CatalogWriterRole, db_datareader, db_datawriter, db_ddladmin, db_securityadmin, Inventory_ReaderRole, Inventory_WriterRole |
| <site_name>_Profiles | Profile_Schema_Manager |
| <site_name>_TransactionConfig | Orders_Management |

Make these assignments on the source and destination SQL Server databases for the CSS service account that corresponds to the source staging server and endpoint. The account name must match the name assigned on the CSS server or in Active Directory. You should provide it in one of the following formats:

  • <data domain>\<CSS service account>

  • <server_name>\<CSS service account>

CSS Administrators, CSS Operators, and Project-Level User Accounts Role Mapping Assignments

The following table lists the role mapping assignments you should make to users who must view catalog data. These users are the members of the CSS Administrators and CSS Operators groups, and the user accounts that have been granted project-level administrator or operator permissions.

| Database | SQL Server 2008 roles |
|---|---|
| MSCS_Admin | db_datareader |
| MSCS_CatalogScratch | db_datareader, db_datawriter, db_ddladmin |
| <site_name>_ProductCatalog | ctlg_CatalogReaderRole, Inventory_ReaderRole |

Make these assignments only on the source SQL Server databases. The account name must match the name assigned on the source staging server, or server where the user logs on to administer CSS, or in Active Directory. The group or account name should be in one of the following formats:

  • <data domain>\CSS Administrators or <server_name>\CSS Administrators

  • <data domain>\<Staging user> or <server_name>\<Staging user>
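The two role-mapping tables can double as an audit baseline. The following is an added example, not part of the original documentation or of Commerce Server: it compares the role memberships a staging account actually holds with the roles listed on this page and reports what is missing and what exceeds the list. The domain, site and user names and the sample rows are constructed, and it assumes the membership rows were collected beforehand from each database.

```python
# Roles per database, copied from the tables on this page; "{site}" is <site_name>.
REQUIRED = {
    "service": {
        "MSCS_Admin": {"admin_reader_role"},
        "MSCS_CatalogScratch": {"db_datareader", "db_datawriter", "db_ddladmin"},
        "{site}_Marketing": {"db_ddladmin", "mktg_staging_role"},
        "{site}_MarketingLists": {"db_datareader"},
        "{site}_ProductCatalog": {
            "ctlg_CatalogWriterRole", "db_datareader", "db_datawriter", "db_ddladmin",
            "db_securityadmin", "Inventory_ReaderRole", "Inventory_WriterRole"},
        "{site}_Profiles": {"Profile_Schema_Manager"},
        "{site}_TransactionConfig": {"Orders_Management"},
    },
    "viewer": {  # CSS Administrators, CSS Operators, project-level users
        "MSCS_Admin": {"db_datareader"},
        "MSCS_CatalogScratch": {"db_datareader", "db_datawriter", "db_ddladmin"},
        "{site}_ProductCatalog": {"ctlg_CatalogReaderRole", "Inventory_ReaderRole"},
    },
}

def audit(kind, site, principal, memberships):
    """Return (missing, excess) sets of (database, role) for one principal.
    memberships: (database, principal, role) rows, e.g. gathered in each database
    from sys.database_role_members joined to sys.database_principals.
    """
    expected = {(db.format(site=site), role)
                for db, roles in REQUIRED[kind].items() for role in roles}
    # Windows account names are case-insensitive, so compare case-folded.
    actual = {(db, role) for db, who, role in memberships
              if who.casefold() == principal.casefold()}
    return expected - actual, actual - expected

# Constructed sample rows (hypothetical domain, site and user names).
SAMPLE = [
    ("MSCS_Admin", r"CONTOSO\stager1", "db_datareader"),
    ("MSCS_CatalogScratch", r"CONTOSO\stager1", "db_datareader"),
    ("MSCS_CatalogScratch", r"CONTOSO\stager1", "db_datawriter"),
    ("MSCS_CatalogScratch", r"contoso\Stager1", "db_ddladmin"),
    ("StarterSite_ProductCatalog", r"CONTOSO\stager1", "ctlg_CatalogReaderRole"),
    ("StarterSite_ProductCatalog", r"CONTOSO\stager1", "db_owner"),  # beyond the table
    ("StarterSite_Profiles", r"CONTOSO\stager1", "Profile_Schema_Manager"),  # not a viewer database
    ("MSCS_Admin", r"CONTOSO\other", "db_owner"),  # different principal, ignored
]

if __name__ == "__main__":
    missing, excess = audit("viewer", "StarterSite", r"CONTOSO\stager1", SAMPLE)
    for tag, rows in (("MISSING", missing), ("EXCESS", excess)):
        for db, role in sorted(rows):
            print(f"{tag:8}{db}: {role}")
```

Run the "viewer" check against the source databases only, and the "service" check against both the source and endpoint databases, matching where the page says each assignment belongs.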

See Also

Other Resources

How to Grant Staging Accounts Access to the Databases

How to Create a Project for Staging Business Data

Changing the Properties of a Business Data Project

What are the Staging Security Configuration Requirements?