Visual Guard: How to store a repository in a database

How to store a repository in a database

Visual Guard allows you to store its repository in a database. Visual Guard supports Microsoft SQLServer (2000 or higher) and Oracle (8i or higher). Visual Guard needs to create tables, stored procedures and roles to store its information.

To do that, you must run the "Repository Creation" wizard in Visual Guard console (select the root item in the tree view, right-click and select the option "Add repository").

Select the option "Create a new empty repository" then click on the "Next" button.

In the next page, select the item corresponding to your database (Oracle or SQLServer) then click on the "Next" button.*

The following page allows you to indicate the information used to connect to the database. You must provide a user account that will be able to create the database objects (tables, stored procedures...). When you click on the button “Next”, Visual Guard creates the database objects in the database. All Visual Guard database objects are prefixed by "vg_".

  • For Oracle Database Installation: Visual Guard will create database objects in the schema associated to the specified user account (we recommend that you create a specific schema for Visual Guard repository). If your database DBA wants to create the database manually, you can find the database creation script in the directory <Visual Guard installation directory>\VisualGuardConsole\Database\Oracle. The DBA can use the script "Install.sql" and adapt it to create the database objects. It is necessary to modify the script to change the value <VISUAL_GUARD_SCHEMA> to the name of the schema that will contain the Visual Guard database objects.
  • For SQLServer Database Installation: Visual Guard will create the database objects in the specified database. The default database name is "visualguarddb". If your database DBA wants to create the database manually, you can find the database creation script in the directory <Visual Guard installation directory>\VisualGuardConsole\Database\SQLServer. The DBA can use the script "Install.sql" and adapt it to create the database objects. If the repository creation wizard does not detect the database, Visual Guard will create it.

If the wizard does not detect Visual Guard database objects, Visual Guard will use the SQL script files to create the database objects.

If the wizard detects that the database objects are already created, the wizard will ask if you want to drop them or keep them.

If you have created the database objects manually, you must answer that you want to keep them.

In the next page, you must indicate which authentication mode you want to use.

For Visual Guard authentication mode: Visual Guard will use the Visual Guard built-in users to authenticate the user. In this case, Visual Guard will use the connection string specified in the VisualGuardConfiguration.config to connect to the database.

For Windows authentication mode: Visual Guard will use the current Windows account to authenticate the user. In this case, Visual Guard will use the connection string specified in the VisualGuardConfiguration.config to connect to the database.

For Database authentication mode: Visual Guard will use the database authentication mechanism to authenticate the user. In this case, Visual Guard will use the connection string specified in the VisualGuardConfiguration.config and replace the current credentials with the credentials provided by the user.
The last page allows you to define the name of the repository and the user account used as the default Master Administrator of the repository. When you click on the button "Finish", the wizard will initialize the repository.

How to grant access to the Visual Guard repository

When Visual Guard needs to authenticate a user, it must be connected to the database. The database account used to connect to the database must have access to the Visual Guard database objects. This account is specified in the configuration file or provided by the user for Database authentication mode. (If you use Integrated Security options in the connection string, the Windows account must have access to the Visual Guard database objects.)

To grant access to these database objects, Visual Guard uses four database roles:

  • vg_BasicAccess: This role must be granted to a user account that will need to be authenticated by Visual Guard in your application.
  • vg_UserAdminAccess: This role must be granted to a user account that will need to access the Visual Guard console as User Administrator. This role allows you to create or edit user accounts and to grant roles to this user.
  • vg_DeveloperAccess: This role must be granted to a user account that will need to access the Visual Guard console as Developer. This role allows you to create or edit user accounts, roles, applications, permissions and permission sets.
  • vg_FullAccess: This role must be granted to a user account that will need to access the Visual Guard console as Master Administrator. This role allows you to create or edit all Visual Guard entities and to drop the repository.

During the authentication process, if the database account does not have access to the repository, the process will fail and the user will not be authenticated.