What's the connection between the MainBoss Administration security role and outside privileges (e.g. Windows Administrator privileges or SQL Server Administration privileges)?
IT personnel sometimes worry about granting the MainBoss Administration security role to non-IT personnel. We believe this should not be a concern; the MainBoss Administration security role is primarily intended for people who manage MainBoss itself. By granting the role to, say, a manager within the maintenance department, IT personnel can save themselves from day-to-day administration chores, without having to worry about non-IT personnel introducing difficulties.
Giving people the MainBoss Administration security role does not
give them any privileges outside of MainBoss.
In particular, it does not give them any aspect of Windows Administrator or SQL Server Administrator privileges.
The MainBoss Administration security role grants control over MainBoss itself, but nothing outside MainBoss.
On the other hand, if a user who has SQL Server Administrator privileges, will automatically have MainBoss Administration security role even without being a registered MainBoss User.
For example, MainBoss Administration lets you add a user name to the MainBoss Users table. This authorizes that user to use MainBoss. Now consider two cases:
- If you do not have SQL Server Administrator privileges:
- To add a new user to MainBoss Someone who does have SQL Server Administrator privilege must separately grant the user access to the database. When the user is added to the MainBoss Users table you can select credentials for the SQL user that was set up earlier.
- If you do have SQL Server Administrator privileges:
- Then use will be able to use MainBoss's forms to create SQL credentials, and thus use MainBoss to create the MainBoss User and its SQL credentials at the same time.
The MainBoss Administration security role does not give anyone extra SQL Server Administrator permissions.
You can only configure, start and stop the Service if you have Windows Administration privileges, but the MainBoss Administration security role lets you see the log messages. Letting non-IT personnel read these messages should be no risk to the smooth operation of the software; however, being able to read these messages should help IT personnel with troubleshooting.
Note: The MainBoss Administration security role will let non-IT personnel change the configuration information for MainBoss Service. This may cause MainBoss Service to stop servicing MainBoss properly; for example, if the name of MainBoss Service mailbox is changed, MainBoss Service won't be able to find its mail. Incoming messages won't be processed, but they won't be lost either—they'll just be queued up until the configuration is corrected.
While this interferes with the smooth operation of MainBoss, it doesn't interfere with any other software. Furthermore, most of the configuration information for MainBoss Service has nothing to do with software operation at all. For example, the configuration information includes standard email messages to be sent out by the maintenance department when work requests are received; this is the sort of thing that maintenance managers should be allowed to set, as opposed to having it set by IT personnel.