Maven Security Setup

Maven controls user permissions in the software through the user of Database roles in the SQL Server Database. All of the AgWare specific roles begin with “UAAR_”. Version 1.0 does not provide a tool other than SQL Server management studio for controlling these roles.

For end users, only active directory accounts are supported. IIS will capture the users AD identity and compare it against users or group added to the individual roles.

Unlike DataLog and ClickForms Maven does not connect to the database as the end user. Instead the connection will be made based on the IIS Application settings and connection string. The application will connect either as a single AD user – that is the user the Application Pool is running as, or a SQL User as defined in the application connection string.

Role Definitions

This user has access to search for and view sales in the database but cannot execute the stored procedures that insert or update sales data.

This user has access to search for and view sales and insert or update sales. In order to insert or update sales, users must also have permissions to a specific Access Group.

This user has all of the same rights as the UAAR_User. In addition, the Power User has read access to additional supporting tables and views. This access is intended for users who need direct access to the database for ad hoc reporting.

This access is intended for the user who is not a BusinessAdmin user, but who needs to be able to delete sales.

These users have access to set up Rule Sets and the Sale Index. As part of that setup, they can control the Server Responses. This includes marking responses as approved and merging responses to clean up sale data.
The UAAR_BusinessAdmin role is also required to delete sales from the Enterprise database.

This user has access to set up Database Roles and Access Groups. In order to set up Database Roles for new users, a SQL database user may need to be added. To accomplish this the UAAR_SystemAdmin role is granted the system role of db_securityadmin. If a domain account or group is given access to a database role and that user is not a user in the database, the system stored procedure sp_grantDBaccess is executed to grant that user access.

Not Used

UAAR_Range Setup
The user can setup and Maintain Range of Values in DataLog

User can create and edit models. This includes everything under the top level “Setup” item

User can create a new appraisal or evaluation. This user automatically has the  UAAR_SubjectEntry permissions as well.

User can search for and view appraisal reports or evaluations saved in the system.

Allows the user to enter new subject properties

Allows the user to apply a second signature to complete reports started by trainees.

Should be used by the user connecting to the database from the Web Application. As an alternate the web user can be DBO.