Users of the RED IM management console, for both fresh installations or upgrades of RED IM 184.108.40.206, will be unable to open the management console (and thus complete an upgrade) when database access is achieved using Windows Integrated Authentication and SQL server permissions are derived solely via Windows Group Membership.
A change was made to the data access layer of RED IM where explicit schema assignments are now evaluated. When a schema is assigned to a group and not the user, and that group is not also assigned the sysadmin server role, the schema lookup for the user will be empty. This causes RED IM to be unable tp find the correct tables to validate and update. Bad table validation causes RED IM to create the missing tables which in turn leads to the failure to launch the console when SQL Server returns an error that the table actually does exist.
A fix will be provided in an upcoming version of RED IM.
For an immediate workaround, you have the following options if you are upgrading (or have upgraded) to RED IM 220.127.116.11:
- Grant all console users and service accounts permissions directly to the RED IM database. You do not need to grant sysadmin or control server, the lower levels of permissions identified in the installation guide (DBO or read, write, ddl_admin, execute, etc.)
- Switch RED IM to use a SQL Server native account rather than using Windows integrated authentication and grant the required permissions to the account. This will require a proper account be created and granted permissions on the SQL database host. Lieberman support will be happy to assist in making this transition if required. Contact Lieberman support at https://liebsoft.zendesk.com.
- Grant your group the ‘sysadmin’ role for the DB host(s) which forces the use of the DBO schema by default.
Consult with your DBA for more information on making any of the above changes.
- RED Identity Management 18.104.22.168