Database Authentication Methods

This topic is only available for Archer on-premises installations.

Authentication methods authorize users to perform computer functions and determine the connectivity to the databases. Which method you use depends entirely on your business operations. The authentication methods include:

  • SQL Server Authentication. Archer connects to each database using a SQL account created on the SQL Server instance. You provide the account information during the installation process.
  • SQL Server databases. Archer connects to SQL Server 2017, 2017 on Linux (Ubuntu), or SQL Server 2019 databases for data storage. Restrict authorization to these databases to only the accounts that need access to the database.
  • During installation and upgrade, the account connecting to the databases from Archer requires db_owner permission. Post-installation, the account connecting to both Instance and Configuration databases from Archer requires the following permissions on the database:

    • Data Read rights (member of db_datareader)
    • Data Writer rights (member of db_datawriter)
    • Run permissions on all stored procedures and scalar functions
    • Select permissions on all views, table-valued functions, and in-line functions
    • Run permissions on the system-stored procedure sp_procedure_params_100_managed

    Important: Grant the same privileges to the user for both the Instance database and the Configuration database.

  • Integrated Security. Archer connects through a Windows identity established on the operating system thread using an Active Directory domain user account. You must configure the Application Pool Identity in IIS as the domain user account before installing Archer. This domain user account serves as the process identity for applications assigned to the application pool and has DB Owner (DBO) access to the instance database. DBO access is only required during the installation.

    It is recommended that you create a custom domain services account dedicated to Archer for the IIS Application Pool Identity, and then provide it access to the necessary resources. In addition, be prepared to provide the same account credentials for the Archer Services account during the installation process.

    Note: The term Integrated Security may also be referred to as Trusted Connections. The Application Pool is a means of isolating Web Applications where there are multiple IIS worker processes that share the same Web Server.
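
The post-installation permissions listed above can be applied and then verified with a short T-SQL script. The following is an added example, not part of the Archer documentation: the database name ArcherInstance and the database user archer_app are hypothetical placeholders, and the use of database-scope grants to cover "all" procedures, functions, and views is an assumption of this example.

```sql
-- Added example with hypothetical names; replace them with your own.
--   [ArcherInstance] : the Instance database (run the script again in the
--                      Configuration database so both get the same privileges)
--   [archer_app]     : database user mapped to the SQL account or to the
--                      domain service account used for Integrated Security
USE [ArcherInstance];
GO

-- Fixed database roles from the permissions list.
ALTER ROLE db_datareader ADD MEMBER [archer_app];
ALTER ROLE db_datawriter ADD MEMBER [archer_app];

-- Database-scope grants: EXECUTE covers every stored procedure and scalar
-- function, SELECT covers every view, table-valued and in-line function,
-- including objects created later by an upgrade.
GRANT EXECUTE TO [archer_app];
GRANT SELECT  TO [archer_app];

-- db_owner is required only during installation and upgrade.
-- Remove it once the installation has finished.
IF IS_ROLEMEMBER(N'db_owner', N'archer_app') = 1
    ALTER ROLE db_owner DROP MEMBER [archer_app];
GO

-- Verification: evaluate the account's effective rights as that account.
-- The least-privilege target is is_db_owner = 0 and every other column = 1.
EXECUTE AS USER = N'archer_app';
SELECT
    DB_NAME()                                             AS database_name,
    IS_ROLEMEMBER(N'db_owner')                            AS is_db_owner,
    IS_ROLEMEMBER(N'db_datareader')                       AS is_datareader,
    IS_ROLEMEMBER(N'db_datawriter')                       AS is_datawriter,
    HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'EXECUTE') AS can_execute,
    HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'SELECT')  AS can_select,
    HAS_PERMS_BY_NAME(N'sys.sp_procedure_params_100_managed',
                      N'OBJECT', N'EXECUTE')              AS can_exec_params_proc;
REVERT;
GO
```

Run the script as a principal that can manage role membership in the database, and compare the verification row from the Instance database with the one from the Configuration database to confirm that both carry the same privileges.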