I have installed Vault Server on a web server. I configured Vault to use the Network Service Account.
Inside Vault Admin, I configured Vault to use my Windows Active Directory accounts.
I have installed Vault Client on my developer's workstations.
When they launch the Client tool, they are presented with a logon screen, asking for user, password and vault server (db).
Question: Do I have to give each developer access to the database or is the connection going through the Network Service account?
Thanks
btd
How Does Security Work in Vault
Moderator: SourceGear
Users never access the database directly. When you install Vault, a login to SQL Server is created for a user that will access the database for Vault operations.
Vault will use either the account you chose for the IIS Process Model when you installed Vault (like Network Service) or will create an sgvaultuser account in SQL Server if you chose to use SQL Server authentication in the SQL Server Setup portion of the installation.
If you want users to login using their Active Directory credentials, you need to use a custom account for the IIS Process Model. So Vault might be using this custom account to access the SQL Server database.
Vault will use either the account you chose for the IIS Process Model when you installed Vault (like Network Service) or will create an sgvaultuser account in SQL Server if you chose to use SQL Server authentication in the SQL Server Setup portion of the installation.
If you want users to login using their Active Directory credentials, you need to use a custom account for the IIS Process Model. So Vault might be using this custom account to access the SQL Server database.
Linda Bauer
SourceGear
Technical Support Manager
SourceGear
Technical Support Manager
How Does Security Work in Vault
Linda:
When you say custom account are you referring to the Domain Account that is used to impersonate? I think I remember reading where this account must have Domia or Local Group Policy set up to Logon Locally, Logon as batch, Logon as service. Is my understanding correct?
Also is there any loss in functionality if I chose to grant the Domain account the above rights to the web server olny (ie Local security Policy) or di I have to do it at the Domain level.
Finally, does the Domain Account need any additonal rights than the ones above? In other words, does he need to be Domain Admin too?
Thanks
btd
When you say custom account are you referring to the Domain Account that is used to impersonate? I think I remember reading where this account must have Domia or Local Group Policy set up to Logon Locally, Logon as batch, Logon as service. Is my understanding correct?
Also is there any loss in functionality if I chose to grant the Domain account the above rights to the web server olny (ie Local security Policy) or di I have to do it at the Domain level.
Finally, does the Domain Account need any additonal rights than the ones above? In other words, does he need to be Domain Admin too?
Thanks
btd