Vault Admin User

btd · Post by **btd** » Fri Jan 20, 2006 9:44 am

When you install Vault and use SQL Authentication you are prompted to enter a password for the admin account. This I did.

But I noticed that in vault's web.config file the name sgvaultuser was added to the connection string with an encrypted password.

Is this the same user as 'admin'?
Is this user sgvaultuser impersonating the admin user?

Is this why I had to run the special query to grant this user access to sgvault?

Thanks

btd

Post by **jclausius** » Fri Jan 20, 2006 12:36 pm

btd wrote:Is this the same user as 'admin'?

No. admin is a Vault account. sgvaultuser is a SQL Server account.

btd wrote:Is this user sgvaultuser impersonating the admin user?

Only a Windows account can be used for impersonation. Neither the Vault Admin account nor the SQL Server sgvaultuser account qualifies for impersonation.

btd wrote:Is this why I had to run the special query to grant this user access to sgvault?

I'm not sure what you are referring to for this question.

btd · Post by **btd** » Fri Jan 20, 2006 2:19 pm

What I am trying to ask is...

Is Vault creating 'sgvaultuser' user?

I ask this becuase on a clean install, if I choose SQL Account, the Vault web.config file creates the connection string using this name as the User ID.

Prior to installation, this name 'sgvaultuser' did not appear anywhere and Vault never asked me for what name I wanted to use. So I'm wondering if I have any control over this name.

btd

Post by **jclausius** » Fri Jan 20, 2006 3:06 pm

btd wrote:Is Vault creating 'sgvaultuser' user?

The Vault server installation is creating this, yes.

btd wrote:I'm wondering if I have any control over this name.

It is possible to change, but doing so might have negative side effects on other scripts looking for sgvaultuser within the sgvault database.

The use of the sgvaultuser account is a conscious decision of Vault. The sgvaultuser account is limited to certain rights on only the sgvault database. Using a different account might create security risks to other databases within SQL Server.

btd · Post by **btd** » Mon Jan 23, 2006 8:19 am

So if Vault is creating this user, then can you tell me what kind of account this is? As I don't see it when I launch SQL Server Enterprise manager, user section.

Thanks

btd

Post by **jclausius** » Mon Jan 23, 2006 9:18 am

It is a plain SQL Server account... It should be seen in Enterprise Manager's list of Security Logins as well as under Vault's listing of security users.

shellback55b · Post by **shellback55b** » Wed Jan 25, 2006 6:02 am

I am having the same issue but for a different reason. My ISP has a hosted SQL database where more than one instance of Vault exists. I cannot use a fixed admin account exactly for security reasons...

Now what?

Post by **jclausius** » Wed Jan 25, 2006 9:15 am

In a case like this, you'll have to use plain text passwords in the connect string.

So after Vault has been set up by your provider, edit web.config of the Vault server. Change the UID=NEW_USER_ID;PASSWORD=PLAIN_TEXT_PASSWORD

Note the use of PASSWORD. We've set up the Vault server so connect strings can work either way. PWD is for encrypted passwords and PASSWORD is for plain text passwords.

shellback55b · Post by **shellback55b** » Thu Jan 26, 2006 7:35 am

It worked... Excellent!

SourceGear Support

Vault Admin User

Vault Admin User

Re: Vault Admin User

Vault Admin User

Re: Vault Admin User

Security in Vault