| This feature requires Visual
Guard Enterprise Edition
Visual Guard allows you to store its repository in a database.
Visual Guard supports Microsoft SQLServer (2000 or higher) and Oracle
(8i or higher). Visual Guard needs to create tables, stored procedures
and roles to store its information.
To do that, you must run the "Repository Creation" wizard
in Visual Guard console (select the root item in the tree view,
right-click and select the option "Add repository").
Select the option "Create a new empty repository" then
click on the "Next" button.
In the next page, select the item corresponding to your database
(Oracle or SQLServer) then click on the "Next" button.
The following page allows you to indicate the information used to
connect to the database. You must provide a user account that will
be able to create the database objects (tables, stored procedures...).
When you click on the button “Next”, Visual Guard creates
the database objects in the database. All Visual Guard database
objects are prefixed by "vg_".
- For Oracle Database Installation: Visual Guard
will create database objects in the schema associated to the specified
user account (we recommend that you create a specific schema for
Visual Guard repository). If your database DBA wants to create
the database manually, you can find the database creation script
in the directory <Visual Guard installation directory>\VisualGuardConsole\Database\Oracle.
The DBA can use the script "Install.sql" and adapt it
to create the database objects. It is necessary to modify the
script to change the value <VISUAL_GUARD_SCHEMA> to the
name of the schema that will contain the Visual Guard database
objects.
- For SQLServer Database Installation: Visual
Guard will create the database objects in the specified database.
The default database name is "visualguarddb". If your
database DBA wants to create the database manually, you can find
the database creation script in the directory <Visual Guard
installation directory>\VisualGuardConsole\Database\SQLServer.
The DBA can use the script "Install.sql" and adapt it
to create the database objects. If the repository creation wizard
does not detect the database, Visual Guard will create it.
If the wizard does not detect Visual Guard database objects, Visual
Guard will use the SQL script files to create the database objects.
If the wizard detects that the database objects are already created,
the wizard will ask if you want to drop them or keep them.
If you have created the database objects manually, you must answer
that you want to keep them.
In the next page, you must indicate which authentication mode you
want to use.
For Visual Guard authentication mode: Visual Guard
will use the Visual Guard built-in users to authenticate the user.
In this case, Visual Guard will use the connection string specified
in the VisualGuardConfiguration.config to connect to the database.
For Windows authentication mode: Visual Guard will
use the current Windows account to authenticate the user. In this
case, Visual Guard will use the connection string specified in the
VisualGuardConfiguration.config to connect to the database.
For Database authentication mode: Visual Guard
will use the database authentication mechanism to authenticate the
user. In this case, Visual Guard will use the connection string
specified in the VisualGuardConfiguration.config and replace the
current credentials with the credentials provided by the user.
The last page allows you to define the name of the repository and
the user account used as the default Master Administrator of the
repository. When you click on the button "Finish", the
wizard will initialize the repository.
How to grant access to the Visual Guard repository
When Visual Guard needs to authenticate a user, it must be connected
to the database. The database account used to connect to the database
must have access to the Visual Guard database objects. This account
is specified in the configuration file or provided by the user for
Database authentication mode. (If you use Integrated Security options
in the connection string, the Windows account must have access to
the Visual Guard database objects.)
To grant access to these database objects, Visual Guard uses four
database roles:
- vg_BasicAccess: This role must be granted
to a user account that will need to be authenticated by Visual
Guard in your application.
- vg_UserAdminAccess: This role must be granted
to a user account that will need to access the Visual Guard console
as User Administrator. This role allows you to create or edit
user accounts and to grant roles to this user.
- vg_DeveloperAccess: This role must be granted
to a user account that will need to access the Visual Guard console
as Developer. This role allows you to create or edit user accounts,
roles, applications, permissions and permission sets.
- vg_FullAccess: This role must be granted to
a user account that will need to access the Visual Guard console
as Master Administrator. This role allows you to create or edit
all Visual Guard entities and to drop the repository.
During the authentication process, if the database account does not
have access to the repository, the process will fail and the user
will not be authenticated. |
