Authentication

The LN DBA module sessions are used to map LN groups and users to SQL Server logins to allow them to establish a connection to the SQL Server and access data. To prevent unauthorized users from accessing the database, non-mapped users cannot establish a connection to the database. When a database is created, an administrator or SQL Server database owner (DBO) creates a login for the user and associates the user with a SQL Server role in the database. The members that belong to this role inherit the role's privileges and are able to establish a connection to the database either via unified login or using a valid password stored in encrypted form in the driver administration files.

A user can be added to or dropped from an LN group by using the LN DBA (database administration) module sessions. Users who are authorized to access the database are registered in the LN driver administration files. The user name and password LN uses to log on to the SQL Server on behalf of the user are maintained in the file %BSE%\lib\msql\msql_users. Here, %BSE% refers to the LN software environment (BSE), the directory where the LN software was installed.

All the LN users and their corresponding SQL Server login names and passwords and the name of the LN group to which they are assigned are defined in the file %BSE%\lib\msql\msql_users. The format of each entry in this file is as follows:

<Infor ERP user>:<SQL Server login>:<Encrypted SQL Server user password>:<Infor ERP group name>

The LN MSQL driver is started by the LN application virtual machine on behalf of the user. From the file %BSE%\lib\msql\msql_users the driver identifies the SQL Server login and password and establishes the connection to the SQL Server.

The group logon process also requires a password, which is defined in the file %BSE%\lib\msql\msql_groups. The file format is as follows:

<Infor ERP group name>:<Encrypted group password>