Setting up the Spotfire database (SQL Server with Integrated Windows authentication)
If you are running Microsoft SQL Server and plan to use Integrated Windows authentication between Spotfire Server and the Spotfire database in SQL, follow these steps to set up the database before you run the Spotfire Server installer.
Prerequisites
- You have downloaded and unzipped the Spotfire Server installation kit from the TIBCO eDelivery web site; for instructions, see Downloading installation software.
- The following settings must be configured on the SQL Server:
With this type of configuration, the Spotfire database will use Windows accounts for authentication. The current user who is running the scripts to create the database must have administrative privileges on the database server, but the Spotfire process should run as a different user when connecting at runtime. Therefore, the scripts have been designed to access the database with a different Windows account when the server is running. This user is assigned to the variable WINDOWS_LOGIN_ACCOUNT. Note that the user who ran the scripts to create the database will get database owner permissions (dbo) to the database and will be able to administer the Spotfire database using integrated authentication.
If the user assigned to the WINDOWS_LOGIN_ACCOUNT variable already exists as a login on the database server, the create_server_user_ia.sql script must be edited. The following rows should then be commented out:
use master GO CREATE LOGIN [$(WINDOWS_LOGIN_ACCOUNT)] FROM WINDOWS WITH DEFAULT_DATABASE=[$(SERVERDB_NAME)],DEFAULT_LANGUAGE=[us_english] GO ALTER LOGIN [$(WINDOWS_LOGIN_ACCOUNT)] ENABLE GO DENY VIEW ANY DATABASE TO [$(WINDOWS_LOGIN_ACCOUNT)]
As mentioned above, the server process should connect as different user than the user that runs this script for security reasons. If you really want to use the same account then you must comment out the following lines from create_server_user_ia.sql:
CREATE USER [$(SERVERDB_USER)] FOR LOGIN [$(WINDOWS_LOGIN_ACCOUNT)] GOAnd, if you have enabled the creation of demo data, the following rows in create_demo_user_ia.sql must also be commented out:
CREATE USER [$(DEMODB_USER)] FOR LOGIN [$(WINDOWS_LOGIN_ACCOUNT)] GO