- 08 Jan 2025
Database user accounts
- Updated on 08 Jan 2025
It is important to consider which database user accounts will be used when installing, running, and managing OneSpan Authentication Server. There are a few main roles that need to be considered:
- Schema creator. A database user account is needed to create the tables used by OneSpan Authentication Server. Typically this would be either a fully privileged DBA account, or the account that will own the schema.
- Schema owner. This may be the same as the schema creator. If not, the schema creator can transfer ownership of the new tables after they have been created.
- OneSpan Authentication Server account. This may be the same as the schema creator or owner, but you may prefer to use a dedicated account with fewer privileges.
A few elements need to be taken into account when setting up these database user accounts:
Table permissions
The following permissions are required by the OneSpan Authentication Server account:
Table | Required permissions |
---|---|
vdsControl | SELECT, INSERT*, UPDATE* |
All other tables | SELECT, INSERT, UPDATE, DELETE |
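The following added example (not OneSpan code) checks a dedicated account's grants against the permission table above and reports anything missing or beyond it. It assumes the grants have been exported as (grantee, table, privilege) rows, for instance from `information_schema.table_privileges` on databases that provide that view; the account name `ias_svc` and the `example_table_*` names are placeholders.

```python
from collections import defaultdict

# Permission matrix from the table above. INSERT and UPDATE on vdsControl carry
# an asterisk whose footnote is not shown on this page, so this example (an
# assumption) permits them but does not report them as missing when absent.
CONTROL_TABLE = "vdscontrol"
REQUIRED = {"control": {"SELECT"},
            "other": {"SELECT", "INSERT", "UPDATE", "DELETE"}}
ALLOWED = {"control": {"SELECT", "INSERT", "UPDATE"},
           "other": {"SELECT", "INSERT", "UPDATE", "DELETE"}}


def audit_grants(rows, account, tables):
    """Return {table: {"missing": set, "excess": set}} for deviating tables.

    rows:   (grantee, table_name, privilege_type) tuples.
    tables: the table names the server uses; grants on other tables are ignored.
    """
    granted = defaultdict(set)
    for grantee, table, privilege in rows:
        if grantee.lower() == account.lower():
            granted[table.lower()].add(privilege.upper())
    findings = {}
    for table in sorted(t.lower() for t in tables):
        kind = "control" if table == CONTROL_TABLE else "other"
        missing = REQUIRED[kind] - granted[table]   # needed but not granted
        excess = granted[table] - ALLOWED[kind]     # granted beyond the matrix
        if missing or excess:
            findings[table] = {"missing": missing, "excess": excess}
    return findings


# Constructed sample rows; the account and example_table_* names are placeholders.
SAMPLE_ROWS = [
    ("ias_svc", "vdsControl", "SELECT"),
    ("ias_svc", "vdsControl", "DELETE"),           # not in the matrix
    *[("ias_svc", "example_table_a", p)
      for p in ("SELECT", "INSERT", "UPDATE", "DELETE")],
    ("ias_svc", "example_table_b", "SELECT"),
    ("ias_svc", "example_table_b", "REFERENCES"),  # not in the matrix
    ("dba", "example_table_b", "DELETE"),          # other grantee, ignored
]
SAMPLE_TABLES = ["vdsControl", "example_table_a", "example_table_b"]

if __name__ == "__main__":
    for name, f in audit_grants(SAMPLE_ROWS, "ias_svc", SAMPLE_TABLES).items():
        print(name, "missing:", sorted(f["missing"]), "excess:", sorted(f["excess"]))
```

Privileges inherited through roles or PUBLIC do not appear under the account's own grantee name, so resolve role membership before passing rows to the check.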
Access to another schema
Depending on the database type, there may be a problem with the OneSpan Authentication Server database user account accessing the tables from another schema/user account. OneSpan Authentication Server will access the tables according to the table names that are defined in the vdsControl table.
If the tables are not accessible by the OneSpan Authentication Server account without qualifying the table name (e.g. schema.table), there are a few ways to solve the problem:
- Set the default schema or database. Some databases allow you to specify the schema or database a database user account will use by default when logging on. This may be a setting in the database itself or the ODBC data source.
- Create views. You can create a view in the OneSpan Authentication Server account's own schema for each table that provides access to the table. The view names should match the table names. However, be careful that your database type permits the necessary INSERT, UPDATE and DELETE operations on the views (see Table: Required table permissions). Some database types provide only limited support for those operations or disallow them all.
- Modify the vdsControl table. Provided that all applicable database user accounts need the schema qualifier in front of the table names, you can safely modify the vdsControl table entries to add the schema qualifier. If you have just one OneSpan Authentication Server account, this will be safe.
Another solution is to create a vdsControl table in each applicable database user account's schema, which contains the necessary schema qualifier. However, this is not recommended: it is complex to set up and maintain, because the vdsControl table holds settings other than the table names. If the copies are not kept perfectly in sync, each table will end up with different settings.
To modify the vdsControl table
Make sure that the vdsControl table can be accessed.
OneSpan Authentication Server uses a configuration setting in its configuration file (identikeyconfig.xml) to identify the vdsControl table name:
VASCO > Storage > ODBC > Data-Sources > Data-Sourcesnn > Control-Table
where nn is 01 for the first data source, 02 for the next, and so on. Each data source must be configured separately.
By default, the configuration file identikeyconfig.xml is located in the following folder:
/etc/vasco/ias (Linux)
%PROGRAMFILES%\VASCO\IDENTIKEY Authentication Server\bin (Windows)
Update the remaining table names using the vdsControl table.
The vdsControl table contains data rows that specify the names of the individual database tables used (see Table: Table names in the vdsControl table). Modify the vdsControl table entries that define the table names using your database's SQL utility.