Solved

How can I create a RDBMS user with roles from the end product?

  • 8 March 2019
  • 3 replies
  • 227 views

Userlevel 7
Badge +23
For a project, we would like to be able to create RDBMS users from inside the end product. For context, we are using a configurator inside the end product from where we are able to enter the first employee of a new company. We would like to make that employee be able to log in after we finished the configuration.

I know which steps to take if I do it by hand; namely: sync my application to IAM, apply the roles to the database, create an IAM user, connect the user to a role, apply the user rights to the end product database and IAM database. Then the user is able to log in.

But now I would like the end product to do this process. I'm able to create an user in IAM and give the user the right user group. Now I'm stuck because I can't apply the user rights to the end product database and IAM database. I noticed these tasks aren't Stored Procedures on the SQL database.

So the question is, how can I make this work? I heard that in other projects people have run into these challenges too so I would like to hear what their solution are/were.
icon

Best answer by Mark Jongeling 12 March 2019, 13:19

View original

3 replies

Userlevel 7
Badge +23
Solved by Applying the roles to the database and the IAM-database. Then using the code from the Apply user roles to (IAM-)database tasks, I recreated them in my application. Now I can make users from inside the End product.
The information I needed was the login name, authentication type (RDBMS) and user group.
Userlevel 7
Badge +23
Hi Mark,

Before I get all technical about how to manually apply rights on the database, there might be an easier solution.

Is it an option to use IAM-authentication accounts instead of RDBMS-authentication accounts?


Hey Anne,

The IAM-authentication is momentarily not the option since our client has customers running Citrix. I did create the option in our software to create IAM-authentication users and it already works. But this is an exception that needs to be implemented. I already did some research and I came to the conclusion that I need to re-create the tasks available in IAM, namely: Apply user rights to database and Apply user rights to IAM database.

(Required is that I already defined the roles and user groups in IAM and applied those to the database. Then the following is possible)

The code in these tasks is readable and I already too a look at it. What I now need to do is make it dynamically so it can create users and connect them in IAM to the right user group(s) and give them the right database roles on both databases.
Userlevel 7
Badge +5
Hi Mark,

Before I get all technical about how to manually apply rights on the database, there might be an easier solution.

Is it an option to use IAM-authentication accounts instead of RDBMS-authentication accounts?

Reply