Follow

Configure User Accounts & Permissions

Discovery Hub extracts data from sources, creates tables, and writes data to these tables. In order for users to be able to deploy & execute their changes in the Discovery Hub application, they must have the proper user accounts and permissions. You can follow the below instructions to enable all the necessary permissions. 

Accounts 

User Accounts 

Identify and/or create the following user accounts. For Cloud deployment, Azure Active Directory (AAD), is recommended. If utilizing Azure Analysis Services then Azure Active Directory is required. For On-Premise deployments, Active Directory (AD) is recommended, but not required. 

  1. One user account for each Discovery Hub developer (you may already have these in place). 
  2. One Service Account must be created for each “non-development” environment. These will be used to run the Discovery Hub Scheduler Service and Discovery Hub Server Service.

Security Group (Highly Recommended)

Create an Active Directory (AD) Security Group called TXDevelopers  (or similar) and add the developer user accounts identified above. This will make it easier to add & adjust permissions as necessary permissions as developers work on and off the project. 

Permissions

Application Server Level

Local or Domain Administrator on the Application Server. This is required to be able to start and stop services. 

On-Premise SQL Server 

See the following requirements if deploying Discovery Hub with SQL Server either on-premise or hosted in a virtual machine. 

  • Data sources – db_datareader. 
  • Target databases – sysadmin or dbOwner. Note that if using dbOwner instead of sysAdmin, a user account with at least dbCreator rights must log in and create the project repository database from within the project repository settings dialog. 
  • SQL Server Integration Services (if applicable) – db_ssisadmin on msdb system database. 
  • SQL Server Analysis Services (if applicable) – server administrator. 

Azure SQL Database 

The following permissions are needed when using Azure SQL DB: 

  • Data sources – db_datareader 
  • Target databases - Server admin, Azure Active Directory admin or dbmanager role in the master database. If hosting the project repository in Azure SQL DB then a SQL account is required. If using contained database users, then use the db_owner role. 

See the following article for more information on Azure SQL Database logins: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-manage-logins  

Azure SQL Managed Instance 

The following permissions are needed when using Azure SQL Managed Instance: 

  • Data sources – db_datareader. 
  • Target databases – sysadmin or dbOwner. Note that if using dbOwner instead of sysAdmin, a user account with at least dbCreator rights must log in and create the project repository database from within the project repository settings dialog. 

Azure Analysis Services 

The following permissions are needed when using Azure Analysis Services (AAS): 

  • Analysis Services Admin permissions based from an Azure Active Directory login.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.