Book a Demo

Author Topic: Cloud Service user  (Read 6996 times)

Uffe

  • EA Practitioner
  • ***
  • Posts: 1859
  • Karma: +133/-14
  • Flutes: 1; Clarinets: 1; Saxes: 5 and counting
    • View Profile
Cloud Service user
« on: July 07, 2016, 12:25:40 am »
Hi all,


I'm helping a client set up a cloud service for their intranet, specifically to enable reusable assets. The environment is all-Windows, with SQL Server for the DBMS. IIS extensions will not be used.

We're using domain groups to control database access, and out of the box the Cloud Service sets itself up to be run by the local System user, which doesn't have access to any databases.

What is the best practice in this situation?

Should we create a local user on the server, give it access to the database, and make the Cloud Service run as that user?

Or should we give the local System user database access? This sounds iffy to me.

Any suggestions appreciated,


/Uffe
My theories are always correct, just apply them to the right reality.

smendonc

  • EA User
  • **
  • Posts: 148
  • Karma: +5/-0
  • I love YaBB 1 Gold!
    • View Profile
Re: Cloud Service user
« Reply #1 on: July 07, 2016, 05:55:42 am »
I don't know if its a best practice, however I've used the first option (or variant) proposed in the past i.e. create a local service account that can access the database - assuming the database and cloud service are running on the same machine.  If the database and cloud service are on different machines, you might have to create a domain account as the service account and add it to the security group just like a regular user.

It's probably not a good idea as noted to grant the local system user access to the database.

qwerty, the cloud service exposes the repository via http calls from a web server included with the service.  The web server in turn communicates with a Windows service that connects to the database and runs the actual queries whose results get repackaged back into content for the EA client.

Stan.

PeterHeintz

  • EA Practitioner
  • ***
  • Posts: 1001
  • Karma: +59/-18
    • View Profile
Re: Cloud Service user
« Reply #2 on: July 07, 2016, 05:00:15 pm »
Hello Uffe,
we are doing pretty the same as mentioned by smendonc.
Best regards,

Peter Heintz

Uffe

  • EA Practitioner
  • ***
  • Posts: 1859
  • Karma: +133/-14
  • Flutes: 1; Clarinets: 1; Saxes: 5 and counting
    • View Profile
Re: Cloud Service user
« Reply #3 on: July 07, 2016, 05:49:13 pm »
OK, thanks guys.

The cloud service will indeed run on the same host as the database server, so a local account will fit the bill nicely.

Thanks again,


/Uffe
My theories are always correct, just apply them to the right reality.