Skip to main content

Configure User Accounts and Permissions

Note: The user must have Azure Admin privileges to configure user accounts and permissions for Amazon Relational Database Service (RDS) for SQL Server as storage.

For Jet Analytics Data Integration to ingest data from sources and write data to target data storages, the proper permissions must be in place. This is done by configuring user accounts within a security group and granting that group the necessary permissions.

Accounts

User accounts

Identify and/or create the following user accounts. For cloud deployments, Azure Active Directory (AAD) is recommended. Azure Active Directory is required if using Azure Analysis Services. For on-premises deployments, Active Directory (AD) is recommended but not required.

  1. One user account for each Jet Analytics Data Integration developer (these may already be in place).
  2. Ensure each Jet Analytics Data Integration developer also has access to the relevant instances in the Jet Analytics Portal. This portal is managed by the insightsoftware Support team. For assistance or additional information, reach out to Product Support.
  3. One Service Account must be created on the Application Server. This account is used to run the Jet Analytics Execution Service and the Jet Analytics Ingest Service.

Security group

Because all Jet Analytics Data Integration developers and service accounts require the same permissions, using a Security Group makes it easier to create and manage permissions for all users at once.

Create an Active Directory (AD) Security Group named TXDevelopers (or similar) and add all the user accounts identified above.

Permissions

Application server

The Security Group requires local or domain Administrator rights on the Application Server to start and stop Jet Analytics services.

Source databases

If Windows or Active Directory Authentication is used to connect to SQL data sources, the "Log on As" user account for the Jet Analytics Ingest Service must have READ permissions on each SQL data source. SQL authentication may be used as an alternative, in which case this permission does not need to be granted to the user or security group.

Target data platforms

Configure the permissions below for the target data platforms in your chosen environment architecture.

SQL Server (on-premises) or Azure SQL Managed Instance

  • sysadmin or dbOwner.
  • SQL Server Analysis Services (if applicable): Server administrator role.
Note:

If using dbOwner instead of sysadmin, a user account with at least dbCreator rights must log in and create the database first.

Azure SQL Database

  • Server admin, Azure Active Directory admin, or the dbmanager role in the master database.
  • If using contained database users, the db_owner role is required.

See Authorize server and database access using logins and user accounts on Microsoft Learn for more information.

Azure Analysis Services

  • An App Registration (Service Principal) with the Analysis Services Administrator role on the server.

Azure Data Lake

  • An App Registration (Service Principal) with the Owner role on the Storage Account.

Azure Data Factory

  • An App Registration (Service Principal) with the Data Factory Contributor role on the Azure resource.

Azure Synapse Analytics — Dedicated SQL Pool

To use a Dedicated SQL Pool as the target storage for a Prepare instance, execute the following SQL statements:

Create a SQL Server login in the master database:

USE MASTER
					CREATE LOGIN <LOGINNAME> WITH PASSWORD = 'STRONGPASSWORD';

Create a user in the desired Prepare instance storage database:

USE <Insert Database Name Here>
					CREATE USER <USERNAME> FROM LOGIN <LOGINNAME>;

Assign the db_owner permission to the user:

EXEC sp_addrolemember 'db_owner', '<USERNAME>'

Was this article helpful?

We're sorry to hear that.