Users and roles

Like most DBMS-es Querona uses users and roles for access management. Permissions can be assigned on a per-user or per-role basis.

Any number of users can be assigned to a single role.

The following chapter describes the user, role and permission management.

User management

This section can be found under ADMINISTER ‣ User management:

User management

Querona comes with a few predefined user accounts:

Account name Description
admin The default administrative account
spark The default account used for reverse Spark connections (see: Spark connection & management)
BUILTINAdministrators Default Windows Administrators group mapping
system (hidden) The default system account used by Querona

A new user can created using the Add user button:

User management

The following table summarizes the fields:

Field name Description
Login The name of the account. If using Windows Authentication, the format should be “DOMAINaccount”.
Integrated authentication Enabled Integrated Windows Authentication, disables password
Password Account password when using SQL authentication
Confirm password Retype password
First name Optional: user’s first name
Last name Optional: user’s last name
User type Type of the account: Regular - standard account, Spark reverse account - see: Spark connection & management, System - reserved for system account - do not use
Disabled Disabled accounts will not be rejected on authentication

The next screen allows assigning the account to Roles. Every account must be assigned at least to public role.

Once defined, you can use the Access rights functionality to define the actual permissions for the given user.

Role management

This section can be found under ADMINISTER ‣ Role management:

Role management

Querona comes with several predefined roles:

Role name Description
datareader Members of the datareader built-in server role can query any table in any database
dbcreator Members of the dbcreator built-in server role can create new databases and connections
public Default role assigned to all users, any rights granted to the public role are granted to all current and future users
securityadmin Members of the securityadmin built-in server role manage logins and their properties
sysadmin Members of the sysadmin built-in server role can perform any activity in the server.
viewer Members of the viewer built-in server role can see any table in any database but cannot query or modify data

A new role can created using the Add role button:

Role management

The two required fields don’t require much comment.

The subsequent screen allows adding any existing user to the newly created role.

Once defined, you can use the Access rights functionality to define the actual permissions for the given role.