Securing the TransactionConfig Database

  • Article

It is strongly recommended that you use Windows Authentication to control access to your databases. When you configure your database connection strings for Windows Authentication, you must assign Business Desk users and run-time users (who use an anonymous domain account) the appropriate levels of access to your databases.

To help you secure the Transactions database, Commerce Server includes two security scripts: TransactionsConfigReaderRole.sql and TransactionConfigWriterRole.sql. These scripts are located in the Program Files\Microsoft Commerce Server\Support folder.

These scripts create two roles in the TransactionConfig database, and assign the necessary permissions to the tables and stored procedures:

  • TransactionConfigReaderRole. Assign run-time users to this role.
  • TransactionConfigWriterRole. Assign design-time users to this role.

To create the TransactionConfigReaderRole and the TransactionConfigWriterRole

  1. Click Start, point to Programs, point to Microsoft SQL Server, and then click SQL Query Analyzer.
  2. In the Connect to SQL Server dialog box, specify the appropriate SQL server.
  3. In Query Analyzer, in the database drop-down box, select the TransactionConfig database.
  4. Click File, and then click Open.
  5. Navigate to the scripts located in the Program Files\Microsoft Commerce Server\Support folder, and select TransactionConfigReaderRole.
  6. The script opens and the code appears in the Query Analyzer window.
  7. On the toolbar, click Run to run the script against the selected database.
  8. Repeat these steps to run the TransactionConfigWriterRole script.
  9. After you create the roles, assign the anonymous run-time user account and the Business Desk group account to the appropriate roles. For instructions, see Assigning SQL Server Database Roles.

The scripts create the two roles and grant permissions on the following TransactionConfig tables and stored procedures.

Tablename TransactionConfigReaderRole
(Run-time users)		 TransactionConfigWriterRole
(Business Desk users)		 
CatalogCache_Virtual_Directory
 Select
Insert
Update		 Select
Delete		 
Decode
 Select Select
Insert
Update
Delete		 
Region
 Select Select
Insert
Update
Delete		 
RegionalTax
 Select Select
Insert
Update
Delete		 
ShippingConfig
 Select Select
Insert
Update
Delete		 
TableShippingRates
 Select Select
Insert
Update
Delete		 
TxVirtual_Directory
 Select
Insert
Update		 Select
Delete

TransactionConfig Store Procedure

The scripts grant permissions to the TransactionConfigReaderRole and TransactionConfigWriterRole as shown in the following table.

Stored Procedure TransactionConfigReaderRole
(Run-time users)		 TransactionConfigWriterRole
(Business Desk users)
sp_GetShippingRateProc Yes Yes

Copyright © 2005 Microsoft Corporation.
All rights reserved.