Implementing Security for DBEUsers and DBEAdmins Groups
Use the following procedure to create a Windows user group that has administrator privileges in Enterprise Server, but whose members are not required to be Windows Administrators. Users in this group will be able to add new sources, change properties, and delete log files.
By default, only members of the predefined Administrators group have the right to modify the Enterprise Server configuration.
- In Windows, log on as an Administrator.
- In the Microsoft Management Console, create a user group called DBEAdmins. Members of this group will have Enterprise Server administrator privileges. Optionally, create a group called DBEUsers. Members of this group will only be able to run DATABridge Enterprise (that is, they won't have administrator privileges). For instructions on creating user groups, see the Windows Help.
- At a command prompt, change the directory to the working directory, which defaults to one of the following:
C:\Documents and Settings\All Users\Attachmate\DATABridge\Enterprise
- Type the following commands:
icacls Logs /grant DBEUsers:(CI)(W,WA,WEA)
icacls Logs /grant DBEAdmins:(CI)(W,WA,WEA,D)
icacls Config /grant DBEUsers:(CI)(R,RA,REA)
icacls Config /grant DBEAdmins:(CI)(R,RA,REA,W,WA,WEA,D)
- In the Registry Editor window, right-click HKEY_LOCAL_MACHINE\SOFTWARE\Attachmate\DATABridge\Enterprise\6.2 and choose Permissions.
- Click Add.
- In the Enter the object names to select dialog box, type DBEAdmins, and click OK.
- Select the Allow box next to Full Control and click OK.