Microsoft® Provisioning Framework (MPF) has four types of Microsoft® SQL Server databases:
In SQL, permissions to select (read) and write to database tables and stored procedures is granted by role. Databases typically have multiple roles to support users with different sets of access permissions. To access an MPF database, the calling user must satisfy two conditions:
Groups are assigned to roles using SQL Enterprise Manager. The following table lists the default MPF database roles, the databases they are associated with, and the groups assigned to the role. However, using Enterprise Manager, you can change the roles for a database as well as the members and permissions for a role.
Roles | Databases | Permissions | Groups |
---|---|---|---|
MPFAdminRole | All | Full permissions to all tables and stored procedures | MPFAdmins |
MPFAuditorRole | MPFAudit | Read (select) access to audit data | MPFAuditors |
MPFServiceRole | All | Write access to the MPFAudit and MPFTranLogData database and
read access to MPFConfig to fetch stored procedures and
configuration properties
Note To successfully execute the Custom Audit::Audit procedure against MPFAudit, MPFServiceRole must have write permissions for any tables and stored procedures updated by the SQL commands. |
MPFServiceAccts |
MPFClientRole | MPFConfig | Read access to client properties and the list of available provisioning engine and queue manager servers | MPFClientAccts |