Some of the processes used by
Enterprise Server for .NET need to be run as a Windows administrator user that has sysadmin permissions to access the SQL Server databases used by the system (i.e. region, cross-region and datastores). These processes are:
- seemonitor.exe - the event monitor
- w3wp.exe - the IIS application pools
- Configuring processes running on the same machine as the SQL Server instance
By default, these processes are configured to run as the LocalSystem user. This user has Windows administrator privileges, but will not have any database access permission. To give LocalSystem database access, you must add the NT Authority\SYSTEM user as a user in the SQL server instance and give it sysadmin permissions.
- Configuring processes running on a different machine from the SQL Server instance
- Stop the
seemonitor service if it is running.
- Modify the logon user for
seemonitor.exe. Open the services management console (services.msc) and change the logon user for the seemonitor service to the required user and password.
- Modify the logon user for IIS. Open the IIS management console and navigate to the
Micro Focus SEE for .NET (Dispatcher) v4.0 application pool. In the advanced settings, change the identity to the user you want to use. Do the same for the
Micro Focus SEE for .NET (SEP) v4.0
application pool.
- In the SQL server instance, create the user(s) that you have just defined for the
seemonitor.exe and
w3wp.exe processes to run under, and give them sysadmin database access permission.
- Reset the IIS application pools using the
wasreset /full command.
- Restart the
seemonitor service.
Enterprise Server for .NET Administration UI
The
Enterprise Server for .NET Administration UI also requires database access. This process should also be run as a Windows administrator user with sysadmin permissions to access the SQL Server database used by the system to ensure that all operations provided by the UI can be successfully performed. However, it is possible to run the UI as a Windows administrator user without sysadmin database permissions, but with a potential reduction in functionality. To do this, the user should be given the db_datareader access role in addition to being granted any of the permissions indicated in the following tables:
- Region database
Permission
|
Console View
|
EXECUTE
|
|
- Cross-region database
Permission
|
XA Resource Definitions
|
Shared Catalog Definitions
|
Security Configurations and Managers
|
EXECUTE
|
|
|
|
DELETE
|
|
|
|
CONTROL
|
|
|
|
- Datastore database
Permission
|
Datastore View
|
EXECUTE
|
|
INSERT
|
- Reading file
- Downloading file
|
DELETE
|
- Closing file
- Downloading file
|
CONTROL
|
|
CREATE DATABASE (master db)
|
|
CREATE PROCEDURE
|
- Reading file
- Uploading file
|
CREATE TABLE
|
|
Debugging
When debugging, the Visual Studio (devenv.exe) and
seesep.exe processes also require database access. If the user running Visual Studio does not have sysadmin permission to access the region, cross-region and datastore databases that are to be used by the debugging sessions, then the user should be granted CONTROL permission to each. The user will also need to be granted VIEW SERVER STATE permission in the master database if datastore databases are used, as
Enterprise Server for .NET's database file system support requires access to dynamic management views and functions (DMVs).