Setting up the Spotfire database (SQL Server with Integrated Windows authentication)
If you plan to use Microsoft SQL Server for storing the Spotfire database, on a Windows computer in a Windows domain and you also plan to use Integrated Windows authentication between Spotfire Server and the Spotfire database in SQL, follow these steps before running the Spotfire Server installer.
About this task
Before you begin
- You have downloaded and unzipped the Spotfire Server installation kit from the TIBCO eDelivery web site. For instructions, see Downloading installation software.
- The following settings
must be configured on the SQL Server:
- TCP/IP communication listening on a port (the default is 1433).
- Case-insensitive
collation (at least for the
Spotfire
database).
Note: If your installation of SQL Server uses a case-sensitive collation by default, or your data uses a different collation than
Latin1_General_CI_AS
, you must edit the create_server_db.sql script before running the create_databases_ia.bat script. See step 2 below. - The command line database tools (sqlcmd, etc.) must be in the system path.
About this task
With this type of configuration, the Spotfire database will use Windows accounts for authentication. The current user who is running the scripts to create the database must have administrative privileges on the database server, but the Spotfire process should run as a different user when connecting at runtime. Therefore, the scripts have been designed to access the database with a different Windows account when the server is running. This user is assigned to the variable WINDOWS_LOGIN_ACCOUNT. Note that the user who ran the scripts to create the database will get database owner permissions (dbo) to the database and will be able to administer the Spotfire database using integrated authentication.
If the user assigned to the WINDOWS_LOGIN_ACCOUNT variable already exists as a login on the database server, the create_server_user_ia.sql script must be edited. The following rows should then be commented out:
use master
GO
CREATE LOGIN [$(WINDOWS_LOGIN_ACCOUNT)] FROM WINDOWS WITH
DEFAULT_DATABASE=[$(SPOTFIREDB_DBNAME)],DEFAULT_LANGUAGE=[us_english]
GO
ALTER LOGIN [$(WINDOWS_LOGIN_ACCOUNT)] ENABLE
GO
DENY VIEW ANY DATABASE
TO [$(WINDOWS_LOGIN_ACCOUNT)]
As mentioned above, the server process should connect as different user than the user that runs this script for security reasons. If you really want to use the same account then you must comment out the following lines from create_server_user_ia.sql:
CREATE USER [$(SPOTFIREDB_USERNAME)] FOR LOGIN [$(WINDOWS_LOGIN_ACCOUNT)]
GO