Database security users and role mappings updates (21937)
The database security users and role mappings for Consolidator and Viewer have been updated and are provided here. Information is provided for the ICCViewer user for the Mongoose database and for these users for the Consolidator database:
- InstallUser
- ServiceUser
- Cloverleaf
During the installation process, after the database is installed, verify that the security users and role mappings are accurate per the information shown in these tables for your appropriate username and use case.
Username: InstallUser - Consolidator database
| Use case - User | Server role | Database mapping | Database mapping role membership | Comments |
|---|---|---|---|---|
| Install - InstallUser | Sysadmin (can remove if steps are followed to setup dbs ahead of time) |
ICC_Aggrega-tionServices ICC_Process-ingQueues ICC_Trace ICC_DocRepos-itory MitreConnect |
db_owner |
Sysadmin rights allows installer to set up user rights, mail profile. If databases are created manually, db_owner is required; errors will be logged but will not block install (related to rights assignments that should have been created before install). After install, InstallUser can be disabled. |
| Upgrade - InstallUser | Sysadmin (can remove) |
ICC_Aggrega-tionServices ICC_Process-ingQueues ICC_Trace ICC_DocRepos-itory MitreConnect |
db_owner | After upgrade, InstallUser can be disabled. |
User: ServiceUser - Consolidator database
| Use case - User | Server role | Database mapping | Database mapping role membership | Comments |
|---|---|---|---|---|
| Runtime - ServiceUser | public | ICC_AggregationServices | public, serviceUserExec | Disable InstallUser during runtime. |
| Runtime - ServiceUser | public | ICC_ProcessingQueues | db_ddladmin, db_datareader, db_datawriter, public, serviceUserExec | Disable InstallUser during runtime. |
| Runtime - ServiceUser | public | ICC_Trace | public, serviceUserExec | Disable InstallUser during runtime. |
| Runtime - ServiceUser | public | ICC_DocRepository | db_ddladmin, db_datareader, db_datawriter, public, serviceUserExec | Disable InstallUser during runtime. |
| Runtime - ServiceUser | public | MitreConnect | Public | Disable InstallUser during runtime. |
User: Cloverleaf - Consolidator database
| Use case - User | Server role | Database mapping | Database mapping role membership |
|---|---|---|---|
| Runtime - Cloverleaf | public | MitreConnect | db_datareader, db_datawriter, public |
User: ICCViewer - Mongoose database
| Use case - User | Server role | Database mapping | Database mapping role membership |
|---|---|---|---|
| Install Mongoose Iso Image - ICCViewer | Sysadmin (can remove if steps are followed to setup dbs ahead of time) | Mongoose_All | db_owner |
| Install Viewer (Patch) - IccViewer | Sysadmin (can remove if steps are followed to setup dbs ahead of time) | Mongoose_All | db_owner |
| Upgrade Viewer (Patch) - ICCViewer | public | Mongoose_All | db_owner |
| Runtime - ICCViewer | public | Mongoose_All | db_owner |