For ArcSDE geodatabases for SQL Server Express (ArcSDE database servers), existing Windows logins are added to the database server in ArcCatalog by an ArcSDE database server administrator. These logins can be either domain or local. They can be individual logins or Windows groups.
Once added to the database server, these users are automatically added to each existing geodatabase and to each newly created, attached, or restored geodatabase on the database server.
By default, when a user is added, it is not placed in a role and, therefore, has no specific rights to any geodatabases. When you open the geodatabase permissions dialog box, you will see newly added users have the permission None. Database server administrators or geodatabase administrators can alter a user's geodatabase permissions after he or she is added to the database server. See
Administering user permissions for ArcSDE database servers for details on granting assigned users to roles.
When users are removed from a database server, they are also removed from all the geodatabases on that database server. You cannot remove a user from a database server if the user owns data in any of the geodatabases on the server or if the user owns any geodatabases.
- Right-click the database server to which you want to add a user or group.
- Click Permissions.
- Click Add user on the Permissions dialog box.
- Specify the location where you want to search for the user or group. This can be the local machine or a domain.
- Type the name of the user or group you want to add. You can click the Advanced button to do a more specific query to find the desired user.
- Click Check Names to verify.
- Click OK.
The newly added user or group is automatically highlighted on the Permissions dialog box, so if you want to make this user a database server administrator, simply click Server administrator on the database server Permissions dialog box. Keep in mind, though, that for security reasons, database server administrator permissions should only be granted if the user has to perform server administrative tasks such as attaching or restoring geodatabases.
- Right-click the database server from which you want to remove the user or group.
- Click Permissions.
- Choose the user or group you want to remove from this list and click Delete user.
- Click Apply.
The user or group will be removed from the database server and all geodatabases within that database server.
Tip
- If a user owns any data in any of the geodatabases on the database server, that user login cannot be removed from the database server.
This is not always applicable to DBO users. Users who are DBO (in other words, a Windows login with Server Admin permission on the database server) create data on the DBO schema in any geodatabase. These users can be removed from the database server because the data is owned by DBO, not by a specific Windows login. However, if a DBO user creates a geodatabase, the geodatabase is owned by that user's Windows login. Therefore, DBO users who own geodatabases cannot be removed from the database server. (You can view the geodatabase owner in the Geodatabase Properties dialog box on the Administration tab.)
To work around this, you could create a backup of or detach the geodatabase, then have a different database server administrator (DBO) user restore or attach the geodatabase to the database server. The user who restores or attaches the geodatabase will become the geodatabase owner. You will then be able to remove the original owner from the database server.
|