Users and roles
Like most DBMSes, Lyftron uses users and roles for access management. Permissions can be assigned on a per-user or per-role basis.
Any number of users can be assigned to a single role.
This chapter describes user, role and permission management.
This section can be found under Administer -> User management:
Lyftron comes with a few predefined user accounts:
| Account | Description |
|---|---|
| admin | The default administrative account |
| spark | The default account used for reverse Spark connections (see: Spark management) |
| BUILTIN\Administrators | Default Windows Administrators group mapping |
| system (hidden) | The default system account used by Lyftron |
A new user can be created using the Add user button:
The following table summarizes the fields:
| Field | Description |
|---|---|
| Login | The name of the account. If using Windows Authentication, the format should be DOMAIN\account |
| Integrated authentication | Enables Integrated Windows Authentication and disables the password |
| Password | Account password when using SQL authentication |
| Confirm password | Retype the password |
| First name | Optional: user's first name |
| Last name | Optional: user's last name |
| User type | Type of the account: Regular (standard account); Spark reverse account (see: Spark management); System (reserved for the system account, do not use) |
| Disabled | Disabled accounts will not be rejected on authentication |
The next screen allows assigning the account to roles. Every account must be assigned at least to the public role.
Once defined, you can use the Global access rights functionality to define the actual permissions for the given user.
This section can be found under Administer -> Role management:
Lyftron comes with several predefined roles:
| Role | Description |
|---|---|
| datareader | Members of the datareader built-in server role can query any table in any database |
| dbcreator | Members of the dbcreator built-in server role can create new databases and connections |
| public | Default role assigned to all users; any rights granted to the public role are granted to all current and future users |
| securityadmin | Members of the securityadmin built-in server role manage logins and their properties |
| sysadmin | Members of the sysadmin built-in server role can perform any activity in the server |
| viewer | Members of the viewer built-in server role can see any table in any database but cannot query or modify data |
A new role can be created using the Add role button:
The two required fields don't require much comment.
The subsequent screen allows adding any existing user to the newly created role.
Once defined, you can use the Global access rights functionality to define the actual permissions for the given role.