Previous Topic Next topic Print topic


To Configure Process Logon Credentials

A working Server 2008 R2, or later, installation is required to perform these steps.
Some of the processes used by Enterprise Server for .NET need to be run as a Windows administrator user that has sysadmin permissions to access the SQL Server databases used by the system (i.e. region, cross-region and datastores). These processes are:
  • seemonitor.exe - the event monitor
  • w3wp.exe - the IIS application pools
  1. Configuring processes running on the same machine as the SQL Server instance

    By default, these processes are configured to run as the LocalSystem user. This user has Windows administrator privileges, but will not have any database access permission. To give LocalSystem database access, you must add the NT Authority\SYSTEM user as a user in the SQL server instance and give it sysadmin permissions.

  2. Configuring processes running on a different machine from the SQL Server instance
    1. Stop the seemonitor service if it is running.
    2. Modify the logon user for seemonitor.exe. Open the services management console (services.msc) and change the logon user for the seemonitor service to the required user and password.
    3. Modify the logon user for IIS. Open the IIS management console and navigate to the Micro Focus SEE for .NET (Dispatcher) v4.0 application pool. In the advanced settings, change the identity to the user you want to use. Do the same for the Micro Focus SEE for .NET (SEP) v4.0 application pool.
    4. In the SQL server instance, create the user(s) that you have just defined for the seemonitor.exe and w3wp.exe processes to run under, and give them sysadmin database access permission.
    5. Reset the IIS application pools using the wasreset /full command.
    6. Restart the seemonitor service.
Enterprise Server for .NET Administration UI

The Enterprise Server for .NET Administration UI also requires database access. This process should also be run as a Windows administrator user with sysadmin permissions to access the SQL Server database used by the system to ensure that all operations provided by the UI can be successfully performed. However, it is possible to run the UI as a Windows administrator user without sysadmin database permissions, but with a potential reduction in functionality. To do this, the user should be given the db_datareader access role in addition to being granted any of the permissions indicated in the following tables:

  1. Region database
    Permission Console View
    EXECUTE
    • Displaying

  2. Cross-region database
    Permission XA Resource Definitions Shared Catalog Definitions Security Configurations and Managers
    EXECUTE
    • Viewing
    • Adding
    • Adding
    • Viewing
    • Adding
    DELETE
    • Deleting
    • Deleting
    CONTROL
    • Deleting

  3. Datastore database
    Permission Datastore View
    EXECUTE
    • Reading file
    INSERT
    • Reading file
    • Downloading file
    DELETE
    • Closing file
    • Downloading file
    CONTROL
    • Uploading file
    CREATE DATABASE (master db)
    • Create datastore
    CREATE PROCEDURE
    • Reading file
    • Uploading file
    CREATE TABLE
    • Uploading file
Debugging

When debugging, the Visual Studio (devenv.exe) and seesep.exe processes also require database access. If the user running Visual Studio does not have sysadmin permission to access the region, cross-region and datastore databases that are to be used by the debugging sessions, then the user should be granted CONTROL permission to each. The user will also need to be granted VIEW SERVER STATE permission in the master database if datastore databases are used, as Enterprise Server for .NET's database file system support requires access to dynamic management views and functions (DMVs).

Previous Topic Next topic Print topic