How to store a repository in a database
Visual Guard allows you to store its repository in a database. Visual Guard supports Microsoft SQLServer (2000 or higher) and Oracle (8i or higher). Visual Guard needs to create tables, stored procedures and roles to store its information.
To do that, you must run the "Repository Creation" wizard in Visual Guard console (select the root item in the tree view, right-click and select the option "Add repository").
Select the option "Create a new empty repository" then click on the "Next" button.
In the next page, select the item corresponding to your database (Oracle or SQLServer) then click on the "Next" button.*
The following page allows you to indicate the information used to connect to the database. You must provide a user account that will be able to create the database objects (tables, stored procedures...). When you click on the button “Next”, Visual Guard creates the database objects in the database. All Visual Guard database objects are prefixed by "vg_".
- For Oracle Database Installation: Visual Guard will
create database objects in the schema associated to the specified user
account (we recommend that you create a specific schema for Visual Guard
repository). If your database DBA wants to create the database manually,
you can find the database creation script in the directory <Visual
Guard installation directory>\VisualGuardConsole\Database\Oracle.
The DBA can use the script "Install.sql" and adapt it to create
the database objects. It is necessary to modify the script to change
the value <VISUAL_GUARD_SCHEMA> to the name of the schema that
will contain the Visual Guard database objects.
- For SQLServer Database Installation: Visual Guard
will create the database objects in the specified database. The default
database name is "visualguarddb". If your database DBA wants
to create the database manually, you can find the database creation
script in the directory <Visual Guard installation directory>\VisualGuardConsole\Database\SQLServer.
The DBA can use the script "Install.sql" and adapt it to create
the database objects. If the repository creation wizard does not detect
the database, Visual Guard will create it.
If the wizard does not detect Visual Guard database objects, Visual Guard
will use the SQL script files to create the database objects.
If the wizard detects that the database objects are already created, the
wizard will ask if you want to drop them or keep them.
If you have created the database objects manually, you must answer that
you want to keep them.
In the next page, you must indicate which authentication mode you want
to use.
For Visual Guard authentication mode: Visual Guard will
use the Visual Guard built-in users to authenticate the user. In this
case, Visual Guard will use the connection string specified in the VisualGuardConfiguration.config
to connect to the database.
For Windows authentication mode: Visual Guard will use
the current Windows account to authenticate the user. In this case, Visual
Guard will use the connection string specified in the VisualGuardConfiguration.config
to connect to the database.
For Database authentication mode: Visual Guard will use
the database authentication mechanism to authenticate the user. In this
case, Visual Guard will use the connection string specified in the VisualGuardConfiguration.config
and replace the current credentials with the credentials provided by the
user.
The last page allows you to define the name of the repository and the
user account used as the default Master Administrator of the repository.
When you click on the button "Finish", the wizard will initialize
the repository.
How to grant access to the Visual Guard repository
When Visual Guard needs to authenticate a user, it must be connected to the database. The database account used to connect to the database must have access to the Visual Guard database objects. This account is specified in the configuration file or provided by the user for Database authentication mode. (If you use Integrated Security options in the connection string, the Windows account must have access to the Visual Guard database objects.)To grant access to these database objects, Visual Guard uses four database roles:
- vg_BasicAccess: This role must be granted to a user account that will need to be authenticated by Visual Guard in your application.
- vg_UserAdminAccess: This role must be granted to a user account that will need to access the Visual Guard console as User Administrator. This role allows you to create or edit user accounts and to grant roles to this user.
- vg_DeveloperAccess: This role must be granted to a user account that will need to access the Visual Guard console as Developer. This role allows you to create or edit user accounts, roles, applications, permissions and permission sets.
- vg_FullAccess: This role must be granted to a user account that will need to access the Visual Guard console as Master Administrator. This role allows you to create or edit all Visual Guard entities and to drop the repository.
During the authentication process, if the database account does not have access to the repository, the process will fail and the user will not be authenticated.