Security Key Code
When opening User Access settings, you
will be prompted
to enter a security
key code if Visual
APS does not detect
you as a system administrator. The security key code is unique to your LYNQ licence and
can be obtained by contacting the
LYNQ Support Team.
Application Role
When using the application role,
the only way users
will be granted permissions to the database is via
the Visual APS application. This
is the most secure method of accessing
the database.
Installation Folder
You must ensure
that all users have
read/write access
to the application
installation folder
otherwise the
application role
setting may fail
to save when
turning the
setting on.
|
Visual APS is an application which is installed locally on a PC or in a terminal/citrix server environment. Users are authenticated using either Windows Authentication of SQL Database Authentication. When launching Visual APS for the first time you must first logon as a SQL administrator as tables, views, functions and procedures are created at this time. After the SQL objects are created you will be prompted to assign Visual APS licences for the users of the application. In the User Access screen, you must enter the users windows logon name (excluding domain name) regardless if you are using Windows of SQL authentication or Explicit or Application Role permissions. If you have chosen to use the application role as your security model you can turn the application role on at this stage. The application role is a setting in the application configuration file (visualplanner.exe.config) which resides on each client PC.
This article explains how to:
- Grant the new user a licence seat
- Configure SQL security (by user or group)
- Install the Visual APS Client
New users must be granted a seat from within Visual APS before they will be able to open any company within the application. Prior to installing the Visual APS client software complete the following steps from a working Visual APS installation.
To grant the user a seat:
- Logon to Visual APS as a system administrator
- Click on File > Settings > User Access
- Locate the next available row where the User Name field contains the value Specify User's domain name user here
- Enter the network user name of the new user. (Do NOT prefix the username with the domain name)
To configure Microsoft SQL Security for APS Users:
Before users can successfully connect to a company in Visual APS the user must be granted sufficient Microsoft SQL security privileges. Visual APS supports both Windows Authentication and SQL Database Authentication. Prior to installing the application you must first consider the authentication model to use and then setup the application users in SQL accordingly. When using Windows Authentication, users need to be added individually or for ease of management, add the users to an active directory security group (i.e. VisualAPSUsers) and then include the group as a windows login in Microsoft SQL.
The assignment of permissions can be configured in one of two ways
By adding the user/AD group to the db_datareader role, db_datawriter role or db_owner role in the Enterprise Resource Planning database to assign explicit permissions. To grant the roles explicitly follow the steps below.
- Open the SQL Management Studio
- Expand the Security Folder
- Create a new logon or select an existing logon (either Windows User/Group or SQL user)
- Right click on the Logon and select properties
- Select User Mapping
- Place a check mark in the Enterprise Resource Planning database that Visual APS will connect to
- Select the relevant roles (i.e db_datareader role, db_datawriter role)
By assigning the user to the public role in the Enterprise Resource Planning database and use the LYNQ application role setting on the Visual APS database connection
- Open the SQL Management Studio
- Expand the Security Folder
- Create a new logon or select an existing logon (either Windows User/Group or SQL user)
- Right click on the Logon and select properties
- Select User Mapping
- Place a check mark in the Enterprise Resource Planning database that Visual APS will connect to
- By default the Public Role is selected (leave this as the only role enabled)
Where possible use the application role (option 2) as this is the most secure method of providing permissions to users to perfom inserts, updates and deletions in Visual APS. The application role is applied at the time the user logs into the application via the Visual APS Client. The application role may not be suitable in environments where Visual APS has been customised with custom SQL objects such as tables, views, stored procedures which are referenced in the operation of the application. The application role will have no knowledge of these objects and will fail to operate correctly.
To install the Visual APS Client
- From the new users computer, logon as a windows Administrator
- Download the Product Updater from here
- Right click on the Product Updater (downloaded in step 2) and select Run as Administrator
- Enter Customer Name in the Product Updater screen
- Accept the Licence Agreement and then click on the arrow to the right of the customer name (Do NOT click CLOSE)
- Select LYNQ aps and click on Install (IMPORTANT : select the same version installed by other users)
- Once Installed, allow the installation to open the application
- Once opened you will see a File Menu and a Settings Menu in the left hand corner of the screen.
- Click on File > Open
- Click on New Database Connection
- Complete the connection settings
- Click the 'App Role' if you have chosen to configure SQL security using the public database role. (Do not select this if you are using explicit permissions)
- Click on OK to connect to the company
Troubleshooting Security Issues
Error Message: The SELECT permission was denied on the object 'Lynq_VP_UsersRole'.
- Cause: The application role has been created in the database and the user is a member of the public database role. The application role has not been turned on within the application config file.
- Solution: Set the DBConnectionUseLynqRole value to ‘True’ in the application config file (visualplanner.exe.config) or assign the user to the db_owner role.
Error Message: DB Credentials Dialogue Box is prompting you to select authentication setting
- Cause: The application role is turned on within the application config file and the user is a member of the database public role. The Lynq application role cannot be seen under the database security settings
- Solution: Logon as the SA user or an account with sysadmin rights. The Lynq application role will be created and should be visible under the database security settings
Error Message: The EXECUTE permission was denied on the object 'Lynq_VP_LogSchedulingInfo' when selecting Save & Publish
- Cause: The client installation has the Application role turned off and the user is a member of the db_datareader and db_datawriter roles
- Solution: Execute permissions are not part of the db_datareader and db_datawriter role. Either assign the permissions explicitly to this object or add the user the db_owner role
|