Best practice for creating integration users

Owned by James Overell
Jun 03, 2023
2 min read

There is documentation on creating users as detailed at Creating users in Synergetic v68.

However there are limitations with this process:

  • No visibility on users accessible via the Synergetic User Interface
  • Unclear visibility on access to database objects available to this user
  • Inability to effectively access certain views which have business logic that leverages user configuration for settings such as the current FileYear and FileSemester

By creating a user (you will need to link them to a community ID or create a psuedo user) and adding to a group, you can actively manage all access via Group/User Security Maintenance.

Further detail can be found at /wiki/spaces/SUT/pages/2289472861 which is applicable both to users wishing to access database objects for purposes such as MSQuery but is also applicable for third party integration purposes.

Note that once you have elected to Create SQL Group/Permissions a new database role is created in SQL Sever and any objects you make available to this will reflect in the securables against this database role.

Through this process we can give access to specific database objects (views, stored procedures and tables) to a managed group and associate a user/s to this group.

There should be no requirement to directly GRANT access to database objects to directly to users in the database! 

Further consideration may need to be made to ensure that settings such as the current FileYear and FileSemester are updated on a cyclic basis in accordance with the relevant configuration in File Semester Maintenance.

This may require some automation, possibly a trigger, to update if the integration user is not going to be accessing Synergetic via the user interface.