LOGINS & ACL
Managing ACL requires Enzo Server Standard Edition or higher.
The simplest way to define and manage ACLs is to use Enzo Manager. You must connect to an Enzo Server with the 'sa' account. To manage logins and ACLs, click on the Configuration->Manage Logins menu.
By default Enzo Server is configured with two logins: sa and anonymous. These are internal accounts for which ACL settings do not apply. The anonymous account is used for certain HTTP callback requests that do not require authentication.
This screen allows you to manage the logins of the selected Enzo Server. Selecting a login shows the ACL configuration by adapter in the bottom half of the screen. By default, newly created logins do not have access to any adapter.
You must first GRANT Access to the BSC database, under which all the adapters are loaded. Then you can GRANT or DENY access to individual adapters. You can grant access to all handlers (GRANT ALL), or choose which handlers are granted/denied (GRANT CONNECT).
Changing ACLs take effect automatically within a few seconds.
From the same screen you can manage the AuthToken of a login. The AuthToken is used to authenticate HTTP requests.
Using SQL Commands
You can programmatically manage logins and ACL through SQL commands. To explore the security operations available through Enzo Server using SQL commands, connect to Enzo Server using SQL Server Management Studio and run the following command:
The following commands can be used to manage ACL and create/drop logins:
|instance.security.createAccount||Create a new account|
|instance.security.disableAccount||Disables a login account|
|instance.security.enableAccount||Enables a login account|
|instance.security.getAccountId||Retrieves the accountId for a login name|
|instance.security.listAccountACL||accountacl||Retrieves the ACL for an account|
|instance.security.listAccount||accounts||List of logins defined|
|instance.security.removeACL||Removes a specific ACL entry|
|instance.security.setACL||Sets the ACL for an account|
|instance.security.sp_addlogin||Create a login account|
|instance.security.sp_droplogin||Drop a login account|
|instance.security.sp_password||Change the password of a login account|
|instance.security.updateAccount||Update account information|
|instance.security.updateACL||Updates the ACL for a specific ACL entry|
|instance.security.updateAuthToken||Updates the AuthToken of a login. When null a new AuthID will be generated.|
The following shows how to query the list of accounts and return the current ACL for a specific login account.
SELECT * FROM instance.security.accounts SELECT * FROM instance.security.accountacl where accountid=2
The ACLs show that this user has GRANT CONNECT permissions on the Twitter adapter, and can execute the Timeline handler on the Twitter adapter. This account also has GRANT ALL permissions on the Files adapter.
You can inspect the parameters of each handler by executing the help command. For example to get help on the setACL handler, run this command:
EXEC instance.security.setACL help