Read-Only User
The Read-Only User has exclusive permissions to read information in the database, modify select data, and execute secure query reports to improve the security level of the application.
Role Required: SDAdmin; Users with Create Query Report permissions.
Create Read-Only User
- Create a user in the database. Refer to the following table for queries to create a user in the database:
| External Postgres | MSSQL |
| --- | --- |
| CREATE USER <username> WITH LOGIN PASSWORD <password>; GRANT CONNECT ON DATABASE <databaseName> TO <username>; GRANT USAGE ON SCHEMA public TO <username>; GRANT SELECT ON ALL TABLES IN SCHEMA public TO <username>; | USE <databaseName>; CREATE LOGIN <username> WITH PASSWORD <password>; CREATE USER <username> FOR LOGIN <username>; GRANT USAGE ON SCHEMA public TO <username>; GRANT SELECT ON ALL TABLES IN SCHEMA public TO <username>; |
- Grant relevant permissions for all tables.
- Revoke access for tables that contain private or irrelevant data using the following query: REVOKE SELECT ON <tableName> FROM <username>. For example: REVOKE SELECT ON passwordtable FROM rouser;
- Obtain the encrypted key of the password:
  - Go to [ServiceDesk Plus Home]\bin in the command prompt.
  - Execute the file encrypt.bat.
  - Type the Read-Only User password and press Enter.
  - Copy the password encryption key displayed in the command prompt and store it in a secure location.
- Go to {SDP_Home}/ServiceDesk/conf.
- Open the database_params.conf file.
- Configure the username in the relevant tag. For example: rodatasource.username=<username>.
- Fetch the encrypted password key and configure it in the relevant tag. For example: rodatasource.password=<password>.
Update Database Flag
- After the user is created, connect the application to the database and execute the following query. This will allow the Read-Only User to create secure query reports that do not fetch data from the restricted tables: UPDATE ReportModuleConfiguration SET PARAMVALUE = 'true' WHERE CATEGORY LIKE 'ROUser' AND PARAMETER LIKE 'Use_ROUser'
- Restart the application for the changes to take effect.
Restore ServiceDesk Plus
When restoring ServiceDesk Plus from backup data:
- If the database setup is not changed, update the database flag after restoring the data.
- If the database or application setup is modified, create a Read-Only User again as mentioned above.
Tables to be restricted for the Read-Only User:
- AaaAccHttpSession
- AaaPassword
- RememberMeDetails
- CustomFunctionDetails
- AdminAuditHistoryJson
- MobileAuthKey
- CommonPassword
- PasswordInfo
- PasswordResetLink
- BackupSchedule
- CustomModuleInstance
- CustomModuleDescription
- CustomModuleHistory
- CustomModuleHistoryDiff
- CM_Tasks
- CM_Comments
- CM_Attachments
- Custom_001
- Custom_MultiSelect_001
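
The following is an added example, not part of the ManageEngine documentation: for the External Postgres case, a PL/pgSQL block that applies the REVOKE step to every table in the list above and then checks whether the user can still read each one. It assumes the user name rouser from the REVOKE example and the public schema from the GRANT statements, and it treats every list entry as a literal table name.

```sql
-- Added example, not ManageEngine's script. Run in psql as the database owner.
DO $$
DECLARE
    ro_role    constant name := 'rouser';  -- assumption: your read-only user
    restricted constant text[] := ARRAY[
        'AaaAccHttpSession', 'AaaPassword', 'RememberMeDetails',
        'CustomFunctionDetails', 'AdminAuditHistoryJson', 'MobileAuthKey',
        'CommonPassword', 'PasswordInfo', 'PasswordResetLink', 'BackupSchedule',
        'CustomModuleInstance', 'CustomModuleDescription', 'CustomModuleHistory',
        'CustomModuleHistoryDiff', 'CM_Tasks', 'CM_Comments', 'CM_Attachments',
        'Custom_001', 'Custom_MultiSelect_001'];
    t          text;
    rel        regclass;
    readable   int := 0;
BEGIN
    FOREACH t IN ARRAY restricted LOOP
        -- to_regclass folds case like an unquoted identifier and returns
        -- NULL (instead of raising) when the table does not exist.
        rel := to_regclass('public.' || t);
        IF rel IS NULL THEN
            RAISE NOTICE 'skipped %: no such table in schema public', t;
            CONTINUE;
        END IF;

        EXECUTE format('REVOKE SELECT ON %s FROM %I', rel, ro_role);

        -- Effective check: true for table-level or any column-level SELECT,
        -- including SELECT that reaches the role through PUBLIC or a group
        -- role, which a direct REVOKE from the user does not remove.
        IF has_any_column_privilege(ro_role, rel::oid, 'SELECT') THEN
            readable := readable + 1;
            RAISE WARNING '% can still read %', ro_role, rel;
        END IF;
    END LOOP;

    RAISE NOTICE 'restricted tables still readable by %: %', ro_role, readable;
END
$$;
```

A non-zero final count means SELECT is inherited rather than granted directly, so the grant has to be removed from PUBLIC or the group role that carries it.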