Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Architecture of DB connections for MSSQL

DanJ
New Contributor III
New Contributor III

I am looking for best practice recommendations on how to connect and manage MS SQL Server using the DB Connector. The documentation does not give any examples at all.

From an architectural perspective, how should we map the various SQL concepts to Saviynt concepts?

- Is the security system the instance/server?
- Should the default endpoint contain server logins as accounts?
- Are database users also represented as accounts, or are they just entitlements?
- how do we typically represent other entitlement types such as server and database roles?
- Would other (child?) endpoints be created per database, with a specific set of entitlements (database users, roles etc)?
- what type should the 'entitlementType' and 'entitlementValue' fields be so that the connector will deal with them? Arrays? A hierarchy?

From a technical standpoint, the example query in the docs (select accountname,securitysystem,endpoint,entitlementtype,entitlementvalue,status from accounts) doesn't make any sense. What is this supposed to be querying? No SQL DBA will allow us to run whatever we want against the DB. We intend that the SQL DBA teams will give us a standardised set of stored procedures for every server, where we have only exec permissions on the SP (list/create/delete etc).

It seems that the below 5 parameters are mandatory so we need to tell the DBAs what to encode in the output of the SP i.e.

account,securitysystem,endpoint,entitlementtype,entitlementvalue

In the first instance we just want to do CRUD of the account, not access, so do we pass nulls to entitlementtype,entitlementvalue?

1 REPLY 1

rushikeshvartak
All-Star
All-Star
  • - Is the security system the instance/server? _- Yes
    - Should the default endpoint contain server logins as accounts? Yes
    - Are database users also represented as accounts, or are they just entitlements? - You need to create sepreate applications
    - how do we typically represent other entitlement types such as server and database roles? - Entitlement Type
  • rushikeshvartak_1-1724854445689.png

     


    - Would other (child?) endpoints be created per database, with a specific set of entitlements (database users, roles etc)? - New application per database
    - what type should the 'entitlementType' and 'entitlementValue' fields be so that the connector will deal with them? Arrays? A hierarchy? - Hierarchy
  •  
  •  
  • rushikeshvartak_0-1724854443306.png

    Import XML Query - You need to prepare as per requirement - mandatory columns are listed in documentation

  • You can just perform account creation in that case don't pull entitlements

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.