Login and Security Overview

TRAVERSE Server Manager

Login and Security Overview

Once you have successfully created company databases, the next step is to define the groups and users that can access the TRAVERSE data and the functionality they will have within the TRAVERSE Accounting System.

Because Microsoft SQL Server is used as the backend database for TRAVERSE, the user must have permission to access Microsoft SQL Server each time TRAVERSE is run. The first step in establishing security is to determine the type of SQL login authentication to be used. Depending on the Microsoft SQL Server configuration, there are different types of logins available.

Windows Authentication Mode. This mode allows each user to connect through a Microsoft Windows user account. When a user connects through a Windows account, Microsoft SQL Server revalidates the account name and password by calling back to Windows for the information.

Mixed Mode. This mode allows users to connect to an instance of Microsoft SQL Server using either Windows Authentication or SQL Server Authentication. Users who connect through a Windows NT 4.0 or Windows 2000 user account can make use of trusted connections in either Windows Authentication Mode or Mixed Mode.

SQL Server Authentication. When a user connects with a specified login name and password from a nontrusted connection, Microsoft SQL Server performs the authentication itself by checking to see if an SQL Server login account is set up and if the specified password matches the one previously recorded.

SQL Server Authentication is provided for backward compatibility because applications written for SQL Server 7.0 or earlier may require the use of SQL Server logins and passwords. Additionally, SQL Server Authentication is required when an instance of SQL Server is running on Windows 98 because Windows Authentication Mode is not supported in Windows 98. Therefore, SQL Server uses Mixed Mode when running on Windows 98.

Once you have specified the type of authentication, groups and group members can see only the tables and views they are authorized to see and can execute only the stored procedures and administrative functions they are authorized to execute.

A login ID only enables the user to connect to an instance of Microsoft SQL Server. Permissions within specific databases are controlled by user accounts. Every object in TRAVERSE Server Manager is owned by a user. When an object is first created, the only user ID that can access the object is the owner or creator ID. If the owner wants only specific users to access the object, the owner can grant permissions to those specific users.

It is easy to manage the permissions in a database if you define groups based on job functions and assign each group the permissions that apply to that job. You can then move users between groups rather than having to manage the permissions for each individual user. If the function of a job changes, it is easier to change the permissions once for the group and have the changes applied automatically to all group members.