



LOGINS & ACL


Enzo Server provides fine-grained access control for logins, allowing you to manage authentication and authorization settings.

Managing ACL requires Enzo Server Standard Edition or higher.


Enzo Manager

The simplest way to define and manage ACLs is to use Enzo Manager. You must connect to an Enzo Server with the 'sa' account. To manage logins and ACLs, click on the Configuration->Manage Logins menu.


By default Enzo Server is configured with two logins: sa and anonymous. These are internal accounts for which ACL settings do not apply. The anonymous account is used for certain HTTP callback requests that do not require authentication.


This screen allows you to manage the logins of the selected Enzo Server. Selecting a login shows the ACL configuration by adapter in the bottom half of the screen. By default, newly created logins do not have access to any adapter.

You must first GRANT Access to the BSC database, under which all the adapters are loaded. Then you can GRANT or DENY access to individual adapters. You can grant access to all handlers (GRANT ALL), or choose which handlers are granted/denied (GRANT CONNECT).


ACL changes take effect automatically within a few seconds.



From the same screen you can manage the AuthToken of a login. The AuthToken is used to authenticate HTTP requests.


Using SQL Commands

You can programmatically manage logins and ACL through SQL commands. To explore the security operations available through Enzo Server using SQL commands, connect to Enzo Server using SQL Server Management Studio and run the following command:


EXEC instance.security.help

The following commands can be used to manage ACL and create/drop logins:

Handler Name                          Table Name    Description

instance.security.createAccount                     Create a new account
instance.security.disableAccount                    Disables a login account
instance.security.enableAccount                     Enables a login account
instance.security.getAccountId                      Retrieves the accountId for a login name
instance.security.listAccountACL      accountacl    Retrieves the ACL for an account
instance.security.listAccount         accounts      List of logins defined
instance.security.removeACL                         Removes a specific ACL entry
instance.security.setACL                            Sets the ACL for an account
instance.security.sp_addlogin                       Create a login account
instance.security.sp_droplogin                      Drop a login account
instance.security.sp_password                       Change the password of a login account
instance.security.updateAccount                     Update account information
instance.security.updateACL                         Updates the ACL for a specific ACL entry
instance.security.updateAuthToken                   Updates the AuthToken of a login. When null, a new AuthID will be generated.

Example

The following shows how to query the list of accounts and return the current ACL for a specific login account.


SELECT * FROM instance.security.accounts
SELECT * FROM instance.security.accountacl where accountid=2

The ACLs show that this user has GRANT CONNECT permissions on the Twitter adapter, and can execute the Timeline handler on the Twitter adapter. This account also has GRANT ALL permissions on the Files adapter.
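The access rules described on this page, modelled as an added Python example (not Enzo Server code) that evaluates a request and flags broad or ineffective grants for a least-privilege review. The `AclEntry` row layout, the permission strings on database- and handler-level rows, the `appuser` and `batch` logins, and the rule that an explicit DENY wins are assumptions, not the `accountacl` schema.

```python
# Added illustration of the ACL rules on this page; row layout, permission
# strings and DENY precedence are assumptions, not the accountacl schema.
from collections import namedtuple

INTERNAL_LOGINS = {"sa", "anonymous"}  # page: ACL settings do not apply
DATABASE = "BSC"                       # page: adapters are loaded under BSC
# permission: "GRANT", "GRANT ALL", "GRANT CONNECT" or "DENY"; handler is set on handler rows
AclEntry = namedtuple("AclEntry", "login adapter permission handler", defaults=[""])

def _granted(e):
    return e.permission.startswith("GRANT")

def is_allowed(acl, login, adapter, handler):
    """True if login may execute adapter.handler under the modelled rules."""
    if login in INTERNAL_LOGINS:
        return True
    mine = [e for e in acl if e.login == login]
    if not any(e.adapter == DATABASE and _granted(e) for e in mine):
        return False                       # database grant must come first
    rows = [e for e in mine if e.adapter == adapter]
    adapter_perms = {e.permission for e in rows if not e.handler}
    if "DENY" in adapter_perms:            # assumption: explicit DENY wins
        return False
    if "GRANT ALL" in adapter_perms:
        return True
    if "GRANT CONNECT" in adapter_perms:   # only listed handlers are usable
        return any(e.handler == handler and _granted(e) for e in rows if e.handler)
    return False                           # new logins have no adapter access

def review(acl):
    """Least-privilege findings: broad grants and grants missing the BSC row."""
    db_ok = {e.login for e in acl if e.adapter == DATABASE and _granted(e)}
    findings = []
    for e in acl:
        if e.adapter == DATABASE or e.login in INTERNAL_LOGINS:
            continue
        if e.permission == "GRANT ALL":
            findings.append((e.login, e.adapter, "all handlers granted"))
        if _granted(e) and not e.handler and e.login not in db_ok:
            findings.append((e.login, e.adapter, "no BSC grant"))
    return findings

# Constructed rows: "appuser" mirrors the account described above; "batch" lacks the BSC grant.
SAMPLE = [
    AclEntry("appuser", "BSC", "GRANT"),
    AclEntry("appuser", "Twitter", "GRANT CONNECT"),
    AclEntry("appuser", "Twitter", "GRANT", "Timeline"),
    AclEntry("appuser", "Files", "GRANT ALL"),
    AclEntry("batch", "Files", "GRANT CONNECT"),
]
```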

You can inspect the parameters of each handler by executing the help command. For example, to get help on the setACL handler, run this command:


EXEC instance.security.setACL help