ESdat offers the ability to control permissions using a User Name / Password combination, or using Windows Authentication.
The following levels of permission are provided with standard databases.
Role Membership: DBO
Only a few "power" users should have dbo access, most users would typically have read/write access permissions. (below).
DBO permissions are required to
•modify any of the lookup tables,
•set projects as inactive (or back to active)
•do any tasks under the top section of the ESdat Setup menu.
•customize database schema, such as edit output views, tables or fields
•allocate permissions to users with Read-Only permissions
Role Membership: db_datareader, db_datawriter, ESdat_APP_REQUIREMENTS
Users with Read/Write permissions can select which sites they will have access to. Therefore they are able to access any site in the database.
Edits can only be made to sites which they have granted themselves access to, and which have active projects.
Can’t make themselves an owner of a Chemistry Profile, although they can create an additional Chemistry Profile and will automatically be an owner.
Can't modify Chemistry Settings under zRef_Chemistry_Lookup_Profiles, unless they are the owner of the profile
Can't edit Environmental Standards, unless they are the person who added them.
Can't change settings in the top section of the Setup Menu.
Role Membership: ESdat_READ_ONLY, ESdat_APP_REQUIREMENTS
Users with Read Only permissions can only see the sites for which they have permission, as assigned by a database owner.
Can't see anything under "Data Tables". Can only use standard views under the Data-Type buttons.
If required, additional restrictions or permissions can be implemented by use of standard SQL Server functionality. All security is implemented within the database, and no additional security is provided through the ESdat application. This prevents users attempting to bypass security through entering database connection information into other applications.
Documentation of these security roles used to implement permissions would be of interest to users attempting to bypass security. Therefore the documentation is not provided in electronic form. The documentation may be provided upon request and at our discretion and will be in hard-copy format which must not be stored electronically or further distributed.