The Track-It! 20.xx installation creates several SQL accounts during and after installation. This article explains the SQL accounts that are used and created as well as their access levels and how this structure provides tight security over your data.
We create SQL accounts as follows:
- _SMSYSADMIN_: This login is used for administrative purposes such as creating technicians in the database. It is granted the db_owner role on the Track-It! database.
- _SMDBA_: Used for administrative purposes. The schema associated with this login is used to create tables/views that only technicians with “system admin” permissions can access.
- SYSTEMACCOUNT: This login has the SMSYSDBA role, and is used for administrative purposes.
- SELFSERVICE: This account is used when a requestor logs into the self-service portal.
- ADMINISTRATOR (*): Default technician account.
- SYSTEM ADMINISTRATION (*): Default group.
- HELP DESK (*): Default group.
- bcmdbuser: This login is created only when BCM is also installed. This login is granted the db_owner, db_datareader and db_datawriter roles on the BCM database.
(*): A new login is created whenever a new technician or group is created.
It is important to note:
Track-It! does NOT create any SQL accounts with admin access to the whole SQL server. This ensures neither users nor the application can access anything on the SQL server outside of the Track-It! database.
The SQL accounts created for individual technicians do NOT have admin rights on the server or the Track-It! database.
This design allows tight database level logging and control over each Technician login and its access permissions to the application, the various Track-It! modules and Track-It! data.
This security design is based on a model that has been well tested and secure in other BMC products that use a similar architecture.
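
The statements above (no login with admin access to the whole SQL server, and no technician login with admin rights on the server or the database) can be checked directly against the SQL Server catalog views. The T-SQL below is an added example, not part of the original article or of the product; it assumes you are connected to the Track-It! database with a login that can view server-level metadata (for example, a DBA account with VIEW ANY DEFINITION).

```sql
-- Added audit example (not vendor code). Run while connected to the
-- Track-It! database. It covers every SQL login mapped into this database,
-- including the per-technician and per-group logins created later.
-- principal_id 1 (dbo) is skipped: it maps to the database owner login,
-- which is not one of the accounts the installer creates.

-- 1. Server-wide privileges held by those logins.
--    If the design holds, this returns no rows (CONNECT SQL is ignored).
SELECT sp.name          AS login_name,
       'server role'    AS finding,
       r.name           AS detail
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp  ON sp.sid = dp.sid
JOIN sys.server_role_members AS srm ON srm.member_principal_id = sp.principal_id
JOIN sys.server_principals   AS r   ON r.principal_id = srm.role_principal_id
WHERE dp.type = 'S' AND dp.principal_id > 1
UNION ALL
SELECT sp.name,
       'server permission',
       perm.permission_name
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp   ON sp.sid = dp.sid
JOIN sys.server_permissions  AS perm ON perm.grantee_principal_id = sp.principal_id
WHERE dp.type = 'S' AND dp.principal_id > 1
  AND perm.state IN ('G', 'W')              -- GRANT / GRANT WITH GRANT OPTION
  AND perm.permission_name <> 'CONNECT SQL'
ORDER BY login_name, finding, detail;

-- 2. Database role membership inside the Track-It! database.
--    Per the article, db_owner should appear for SMSYSADMIN and should not
--    appear for the individual technician logins.
SELECT m.name AS database_user,
       r.name AS database_role
FROM sys.database_role_members AS drm
JOIN sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
WHERE m.type = 'S' AND m.principal_id > 1
ORDER BY r.name, m.name;
```

Any row from the first query, or a technician login listed under db_owner in the second, is a deviation from the model described here and is worth reviewing after installs and upgrades.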