Configuring Users and Roles in an Advanced SQL Server Bound Book 1) Open SQL Server Microsoft Management Studio. Note: SQL Server Management Studio is not installed by EZ Arms Keeper. It is however installed by the Microsoft SQL Server 2014 install. 2) Login into the Microsoft SQL Server Instance. 3) You are now connected to the Server Instance. 4) Find the Bound Book database that you are going to be adding users to. Expand out the Databases node. For this example we going to work with the bound book “Advanced Bound Book”. 5) First we need to add a login. There are two types of Logins (Windows Authentication and SQL Server Authentication). Windows Authentication logins can be used to associate with you existing Domain Users. This way you don’t have to maintain an additional username / password. SQL Server Authentication logins are a separate username / password only applicable for this Microsoft SQL Server instance. First we are going to add a SQL Server Authentication login as this is the simplest type of login. Login Name: SqlServerLogin Password: ********** Confirm password: ********** Default database: master (DO NOT CHANGE the logins default database from master) 6) Select the User Mapping. User Mappings allow us to add the Login to have access to a specific bound book. Add the login to the “Advanced Bound Book” database by checking the box. Specify the Logins Role within the database. Application Roles 1) 2) 3) Administrators – A user that is a member of this role has access to all commands / features in EZ Arms Keeper. The only thing that the Administrator role does not have the ability to do is upgrade the Bound Book database. This requires the user be a member of the server role “db_owner”. Acquisitioners – A user that is a member of this role has access to creating new acquisitions and new contacts. Users of this role cannot edit acquisitions or contacts. Dispositioners –A user that is a member of this role has access to creating new dispositions, new contacts and filling out an e4473 form. Users of this role cannot edit dispositions, contacts, or e4473s. 4) 5) SettingsMangers – A user that is a member of this role as access to change the EZ Arms Keeper options. TransactionManagers – A user that is a member of this role has access to everything in the Acquisitioners and Dispositioners roles as well as the ability to Edit Acquisitions, Contacts, Dispositions, and e4473s. It also has access to Void Firearms and Dispositions. Server Roles: 6) public – By default all users are members of this role. DO NOT REMOVE users from the public role or parts of EZ Arms Keeper may not function properly when this user is logged in. Note: A user can be a member of multiple roles. The result with be an accumulation of permissions from each role. For this example we are going to choose to add the user to the “Acquisitions” role. 7) Open EZ Arms Keeper 8) Open the SQL Bound Book. Note: That after opening the bound book you can’t see the Disposition menu option because the SqlServerLogin we created is not a member of a role that has access to this feature. This user does not have access to change settings, create new bound books, open new bound books, etc. This user does not have the ability to Edit Acquisitions after they are created. This requires the “Transaction Manager” role. 9) Now let’s create a Windows Authentication user in SQL Management Studio. 10) Enter / Select a valid Windows login for your domain. You domain may be the local computer or a network domain. 11) Add the login to the “Advanced Bound Book” database by checking the box. 12) Add the user to the application roles. 13) Not only can you add individual Windows Users but you can also add a Windows Group as a Login and configure it like a user. The advantage of doing this is as soon as you add a new user to the Windows Group it will pick up the permissions in the database that you have already configured the Windows group to have. This can make maintaining users roles much easier.