PLATFORMS SOLUTIONS BLOGS CONTACT

/administration/loginsacl




LOGINS & ACL


Enzo Server provides fine-grained access control for logins allowing you to manage Authentication and Authorization settings.

Managing ACL requires Enzo Server Standard Edition or higher.


Enzo Manager

The simplest way to define and manage ACLs is to use Enzo Manager. You must connect to an Enzo Server with the 'sa' account. To manage logins and ACLs, click on the Configuration->Manage Logins menu.


By default Enzo Server is configured with two logins: sa and anonymous. These are internal accounts for which ACL settings do not apply. The anonymous account is used for certain HTTP callback requests that do not require authentication.


This screen allows you to manage the logins of the selected Enzo Server. Selecting a login shows the ACL configuration by adapter in the bottom half of the screen. By default, newly created logins do not have access to any adapter.

You must first GRANT Access to the BSC database, under which all the adapters are loaded. Then you can GRANT or DENY access to individual adapters. You can grant access to all handlers (GRANT ALL), or choose which handlers are granted/denied (GRANT CONNECT).


Changing ACLs take effect automatically within a few seconds.



From the same screen you can manage the AuthToken of a login. The AuthToken is used to authenticate HTTP requests.


Using SQL Commands

You can programmatically manage logins and ACL through SQL commands. To explore the security operations available through Enzo Server using SQL commands, connect to Enzo Server using SQL Server Management Studio and run the following command:


EXEC instance.security.help

The following commands can be used to manage ACL and create/drop logins:

Hander Name

Table Name

Description

instance.security.createAccount Create a new account
instance.security.disableAccount Disables a login account
instance.security.enableAccount Enables a login account
instance.security.getAccountId Retrieves the accountId for a login name
instance.security.listAccountACL accountacl Retrieves the ACL for an account
instance.security.listAccount accounts List of logins defined
instance.security.removeACL Removes a specific ACL entry
instance.security.setACL Sets the ACL for an account
instance.security.sp_addlogin Create a login account
instance.security.sp_droplogin Drop a login account
instance.security.sp_password Change the password of a login account
instance.security.updateAccount Update account information
instance.security.updateACL Updates the ACL for a specific ACL entry
instance.security.updateAuthToken Updates the AuthToken of a login. When null a new AuthID will be generated.

Example

The following shows how to query the list of accounts and return the current ACL for a specific login account.


SELECT * FROM instance.security.accounts
SELECT * FROM instance.security.accountacl where accountid=2

The ACLs show that this user has GRANT CONNECT permissions on the Twitter adapter, and can execute the Timeline handler on the Twitter adapter. This account also has GRANT ALL permissions on the Files adapter.

You can inspect the parameters of each handler by executing the help command. For example to get help on the setACL handler, run this command:


EXEC instance.security.setACL help








601 21st St Suite 300
Vero Beach, FL 32960
United States

(561) 921-8669
info@enzounified.com
terms of service
privacy policy

PLATFORM

ENZO SERVER
ENZO DATAZEN

SOLUTIONS

SOLUTIONS OVERVIEW
INTEGRATION
SaaS
CLOUD ANALYTICS

RESOURCES

DOWNLOAD
BLOGS & VIDEOS
IN THE NEWS
ENZO ADAPTERS
ONLINE DOCUMENTATION
TCO CALCULATOR

COMPANY

LEADERSHIP TEAM
PARTNERS


© 2023 - Enzo Unified