Enzo Server
  Quick Start
  Core Features
    Async Calls
    Edge Cache
    HTTP Access
  Advanced Capabilities
    Change Data Capture
    Configuration Settings
    Logins & ACL
    Current Executions
    Linked Server

  User Guides
     Sharding Overview


    All Adapters

    Create A Simple Adapter
    Best Practices
    Developer Guide
      Handler Columns
      Handler Options
      Handler Decorators
      Dynamic Columns
      Table & Table Enumerators
      Virtual Tables



Enzo Server provides fine-grained access control for logins allowing you to manage Authentication and Authorization settings.

Managing ACL requires Enzo Server Standard Edition or higher.

Enzo Manager

The simplest way to define and manage ACLs is to use Enzo Manager. You must connect to an Enzo Server with the 'sa' account. To manage logins and ACLs, click on the Configuration->Manage Logins menu.

By default Enzo Server is configured with two logins: sa and anonymous. These are internal accounts for which ACL settings do not apply. The anonymous account is used for certain HTTP callback requests that do not require authentication.

This screen allows you to manage the logins of the selected Enzo Server. Selecting a login shows the ACL configuration by adapter in the bottom half of the screen. By default, newly created logins do not have access to any adapter.

You must first GRANT Access to the BSC database, under which all the adapters are loaded. Then you can GRANT or DENY access to individual adapters. You can grant access to all handlers (GRANT ALL), or choose which handlers are granted/denied (GRANT CONNECT).

Changing ACLs take effect automatically within a few seconds.

From the same screen you can manage the AuthToken of a login. The AuthToken is used to authenticate HTTP requests.

Using SQL Commands

You can programmatically manage logins and ACL through SQL commands. To explore the security operations available through Enzo Server using SQL commands, connect to Enzo Server using SQL Server Management Studio and run the following command:


The following commands can be used to manage ACL and create/drop logins:

Hander Name

Table Name

Description Create a new account Disables a login account Enables a login account Retrieves the accountId for a login name accountacl Retrieves the ACL for an account accounts List of logins defined Removes a specific ACL entry Sets the ACL for an account Create a login account Drop a login account Change the password of a login account Update account information Updates the ACL for a specific ACL entry Updates the AuthToken of a login. When null a new AuthID will be generated.


The following shows how to query the list of accounts and return the current ACL for a specific login account.

SELECT * FROM where accountid=2

The ACLs show that this user has GRANT CONNECT permissions on the Twitter adapter, and can execute the Timeline handler on the Twitter adapter. This account also has GRANT ALL permissions on the Files adapter.

You can inspect the parameters of each handler by executing the help command. For example to get help on the setACL handler, run this command:

EXEC help