Workstation Account Creation - Security Best Practices - Foundation 24.1 - Foundation 24.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Security Best Practices

Platform
OnBase
Product
Security Best Practices
Release
Foundation 24.1
License
Standard
Essential
Premier

By default, OnBase creates specific workstation accounts to communicate with the database. In order to accomplish this account creation, OnBase uses a system account with the securityadmin server role.

It is recommended that specific workstation accounts are not created in the database by OnBase, removing the need for the system account to be granted the securityadmin server role. To disable workstation account creation, select Disable workstation account creation in the Global Client Settings(accessible from the OnBase Configuration module).

With the Disable workstation account creation option enabled, the following privileges can be removed from the HSI database account when used with the corresponding database platform.

Database Platform

Privilege

Microsoft SQL Server

The Security Admin role is not required.

Oracle

The create user and alter user permissions are not required.

Note:

These permissions are still required during the initial database creation, and can only be removed after the Disable workstation account creation option is enabled.