Follow

Configure User Accounts & Permissions

TimeXtender extracts data from sources, creates tables, and writes data to these tables. In order for users to be able to deploy & execute their changes in the TimeXtender application, they must have the proper user accounts and permissions. You can follow the below instructions to enable all the necessary permissions. 

Accounts 

User Accounts 

Identify and/or create the following user accounts. For Cloud deployment, Azure Active Directory (AAD), is recommended. If utilizing Azure Analysis Services then Azure Active Directory is required. For On-Premise deployments, Active Directory (AD) is recommended, but not required. 

  1. One user account for each TimeXtender developer (you may already have these in place). 
  2. One Service Account must be created for each “non-development” environment. These will be used to run the TimeXtender Scheduler Service, TimeXtender Server Service, and the TimeXtender ODX Server Service.

Security Group (Highly Recommended)

Create an Active Directory (AD) Security Group called TXDevelopers  (or similar) and add the developer user accounts identified above. This will make it easier to add & adjust permissions as necessary permissions as developers work on and off the project. 

Permissions

Application Server Level

Local or Domain Administrator on the Application Server. This is required to be able to start and stop services. 

On-Premise SQL Server 

See the following requirements if deploying TimeXtender with SQL Server either on-premise or hosted in a virtual machine. 

  • Data sources – db_datareader. 
  • Target databases – sysadmin or dbOwner. Note that if using dbOwner instead of sysAdmin, a user account with at least dbCreator rights must log in and create the project repository database from within the project repository settings dialog. 
  • SQL Server Integration Services (if applicable) – db_ssisadmin on msdb system database. 
  • SQL Server Analysis Services (if applicable) – server administrator. 

Azure SQL Database 

The following permissions are needed when using Azure SQL DB: 

  • Data sources – db_datareader 
  • Target databases - Server admin, Azure Active Directory admin or dbmanager role in the master database. If hosting the project repository in Azure SQL DB then a SQL account is required. If using contained database users, then use the db_owner role. 

See the following article for more information on Azure SQL Database logins: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-manage-logins  

Azure SQL Managed Instance 

The following permissions are needed when using Azure SQL Managed Instance: 

  • Data sources – db_datareader. 
  • Target databases – sysadmin or dbOwner. Note that if using dbOwner instead of sysAdmin, a user account with at least dbCreator rights must log in and create the project repository database from within the project repository settings dialog. 

Azure Analysis Services 

The following permissions are needed when using Azure Analysis Services (AAS): 

  • Analysis Services Admin permissions based from an Azure Active Directory login.
Was this article helpful?
0 out of 0 found this helpful

2 Comments

  • 0
    Avatar
    Martin Larsson

    What about service accounts for running the ODX server and both services for TimeXtender (scheduler and app server)?

  • 0
    Avatar
    Joseph Treadwell

    Hi Martin, you can find that info on numbered item 2. under User Accounts above. These accounts should all be in the "TX Developers" group and have the necessary permissions listed above. 

Please sign in to leave a comment.