SQL server permissions required by eShare

CADMATIC eShare server uses a Microsoft SQL Server database. Supported versions can be found in docs.cadmatic.com/systemrequirements.

The following topics provide information on the permissions for running Microsoft SQL Server database in CADMATIC eShare.

Note: The following applies to CADMATIC eShare version 2024T1 or newer. Previous versions may have required different permissions.

Installation

To install CADMATIC eShare for the first time, the used SQL Server login must have permission to create databases ("CREATE ANY DATABASE"). If the same login is used in the eShare connection string (this is the default), no other permissions need to be granted, and eShare can be used with this setup alone without further changes.

With "CREATE ANY DATABASE", eShare has full rights to create new project databases and acts as db_owner of those projects. If this database ownership is not possible due to security concerns, the following sections will describe in detail how to change the connection string, as well as which specific permissions are needed for eShare to function.

Configuring the database connection string

The database connection string used by eShare is configured in Internet Information Services (IIS) Manager. The login specified in that connection string is the login that performs all eShare database operations.

Do the following:

  1. Log in to the eShare server computer with administrative privileges, and open the Internet Information Services (IIS) Manager application.
  2. In the Connections pane, browse to Sites > eShare.
  3. In the main view, open Connection Strings.
  4. Double-click the Main row, and edit the connection string as required.
  5. Restart the web server for the changes to take effect.

Required permissions

Day-to-day operation

Day-to-day operation of eShare requires the following permissions:

  • On the main database:

    • CONNECT

    • SELECT

    • INSERT

    • UPDATE

    • DELETE

  • On the project database:

    • CONNECT

    • SELECT

    • INSERT

    • UPDATE

    • DELETE

    • ALTER on ModelObjectObject

    • Publishing:

    • EXECUTE

    • ALTER (on ModelObjectAttribute, ModelObjectAttributeStaging,ModelObject, ModelAttributeDefinition)

    • REFERENCES (on ModelObjectAttribute, ModelObjectAttributeStaging,ModelObject,ModelObjectObject, ModelAttributeDefinition)

    The publishing permissions are not required, if the IIS setting Cadmatic.IsAttributeStagingTableUsed is set to false. This, however, results in slower publishing. See Configuring application settings.

    Note: If theeShare project was created in eShare user interface, the user accessing the database is automatically db_owner of the database, and none of these permissions need to be granted manually.

Creating projects

Each eShare project has its corresponding database. In order to create databases from the eShare user interface, the eShare login must have permission to create databases ("CREATE ANY DATABASE").

If this is not possible due to security policies, eShare projects must be created manually using the DatabaseManager tool supplied with eShare. See Database administration .

Installation and version upgrades

When installing or upgrading to a newer version of eShare, database revision upgrades generally assume all the above permissions + db_owner level permissions, as these upgrades may alter anything in the main or project databases.