How to Change Database Authentication
Note: This how-to is only valid for SQL Server databases configurations.
When upgrading an existing Agile Platform installation to start using a different authentication mode in the database, it is important to follow the steps below to avoid undesired behaviors.
To reduce downtime during the process, it is advised that you previously execute the steps of the Database Catalogs, though you won’t be able to test the connections in Service Center.
Also, in Farm Installations there can be a temporary problem contacting the Session database between the steps 8 and 10.
1- Open the Configuration Tool in the Controller machine
2- Change the 'Authentication' dropdown to the desired type of Authentication.
3- Configure usernames and passwords for all users on the ‘Database’ tab. Take note that users may be required to have ‘Run as a Service’ permissions on the Front-end servers.
4- Click 'Grant Permissions' and check everything is ok with the 'Test Connection' for each user.
5- Click 'Configure Session Database' in the 'Session' tab.
6- Click 'Apply and Exit' and choose to run the Service Center Install.
If there are Database Catalogs configured:
7- Open the Service Center
8- Go to 'Administration’ -> ‘Database Catalogs’
9- For each configured catalog (other than 'Main') you will have to give permissions to users to access that catalog in the database.
The 'Admin user' requires the roles: db_accessadmin, db_datareader, db_datawriter, db_ddladmin and db_securityadmin.
The 'Runtime user' requires the db_datareader and db_datawriter.
- If the Catalog was configured before 7.0 with a specific Runtime user, our recommendation is to change it to the same user configured in the Configuration Tool.
- Using specific users is only allowed for backward compatibility.
10- Test the connection of each database catalog.
11- Republish all eSpaces.
3- Configure usernames and passwords for all users on the ‘Database’ tab.
5- Use the 'File->Export Configuration' and save the configuration file
On each Front-end:
6- Use the 'File->Import Configuration' with the exported configuration file
7- Configure all usernames and passwords on the ‘Database tab’ if needed (because in 'Windows Authentications' passwords are not saved)
8- 'Grant Permissions' and check everything is ok with the 'Test Connection' for each user.
On the Controller Configuration Tool:
9- Click 'Configure Session Database' in the 'Session' tab. To avoid downtime, set the Session state to a different database after step 4.
10- Click 'Apply and Exit' and choose to don't run the Service Center Install.
11- Click 'Apply and Exit'.
NOTE: In case you have multiple Front-end servers, you can avoid downtime by performing this operation one Front-end at a time and leaving at least a one Front-end untouched until you are sure that all applications have been republished.
On the Controller:
12- Open the Configuration Tool again, click 'Apply and Exit' and choose to run the Service Center Install.
13- Open the Service Center
14- Go to 'Administration’ -> ‘Database Catalogs’
15- For each configured catalog (other than 'Main') you will have to give permissions to users to access that catalog in the database.
The 'Log role' requires the db_datareader and db_datawiter.
16- Test the connection of each database catalog.
17- Republish all eSpaces.