Administration > Security settings > Security of database access

To secure database access, we recommend using IntegratedSecurity so that the Windows user login is also used to log in to the database management system. This means that it is theoretically possible for users to log in directly to the database server and thus gain unfiltered access to the data in the TiCon database. To prevent this, we recommend reducing the authorization of the Windows users/groups so that only the authorization to connect to the server (role membership public) exists.

▪To avoid direct database access, it must be ensured that users do not have direct access to the database.

▪Windows users/groups only require the authorization to connect to the server ("Role membership public").

▪If the database roles " db_reader, db_writer, db_owner" or explicit "Authorizations on tables/views/stored procedures/functions" have been assigned, these should be removed.

▪The data in the database should only be accessed via the application role "TiConAppRole".

▪This "Application Role" has already been created in the MTM database and is password-protected. This role is inactive by default. To use it, the application role must first be "aktiviert".