Preparing existing security files

The publisher and all subscriber sites must start with the same security file or database.

Before you begin

Do not make any changes to the security data at the subscriber sites until replication is configured, for example do not add any groups or users - any changes that you make are lost when replication is configured in SQL Server.

You need to log on as a security administrator or as a system administrator to perform the following steps.

About this task

Using the Security Manager, verify that the user details are correct before you distribute the Microsoft Access security file to the other sites. Although, the security file does not need to contain the names of all the iBase users, it should as a minimum contain the system, database and security administrator accounts for the publisher and subscriber sites. See Managing Security for details.

Attention: Back up the security file if it is in Microsoft Access format. You will need the original Microsoft Access security file if you want to extend the iBase system in the future by adding additional subscriber sites.

Procedure

  1. Distribute your security database to the subscriber sites
    OptionDescription
    SQL Server
    If your security file is already in SQL Server format, you need to send the following files as used at the publisher site to the subscriber sites, along with a user name and password:
    • A full SQL Server backup of the SQL Server security database
    • A copy of the iBase security connection file
    • The user name and password of a security administrator
    • The iBase database password (this is required if the security administrator at the subscriber site works on a machine that cannot connect to the publication database). This is obtained from the Options dialog in iBase Designer.
    At each subscriber site:
    1. Ask your SQL Server administrator to restore the security database from the supplied backup. This should be done on the server that acts as the Subscriber. The name of the restored database is identical to that of the security database at the Publisher.
      Warning: If the SQL Server database component is to have a different name, create a new security file with the required name, upsize it and then restore the supplied SQL Server backup over the SQL Server component for the new security database.
    2. Redirect the connection file to the restored database on the Subscriber:
    3. Start the iBase Database Configuration utility from the Windows Start menu.
    4. In the Database Configuration utility, browse to the security connection file.
    5. Click Next and, if prompted, enter the database password.
    6. Change the connection properties to direct the security connection file to the security database on the Subscriber.
    7. Test and save the connection settings.
    Access The security files used at the subscriber sites must be upsized from a copy of the security file used at the publisher site. They are in Microsoft Access format. For background information, see Importance of the Security File at the Publisher Site.
    1. Distribute the upgraded security file, in Microsoft Access format, to the subscriber sites using any appropriate method, such as CD or email.
    2. At each subscriber site, create a shared folder and copy the supplied security file to it. The folder must be on an application or database server.
    Attention: Do not make any changes to the security files at the subscriber sites. You can rename the files if required but any other changes are lost when replication is configured. For information on file names, see Before creating any iBase databases.

    You need to convert (upsize) the security file from Microsoft Access to SQL Server format before you can replicate it. Upsizing creates an SQL Server database on the designated server, leaving the .ids file in the database folder as a connection file for the SQL Server database.

    Before upsizing, review the name of the security file because the logical name of the SQL Server database is derived from it. For information on file names, see Before creating any iBase databases.

    At the publisher and all subscriber sites:

    1. In iBase Designer, log on as security administrator or as a system administrator, using the Microsoft Access security file.
    2. Click Cancel when you are prompted to open or create a database.
    3. From the Tools menu, select Upsize Security File to SQL Server.
    4. You are informed that a backup is made of the Microsoft Access security file. This has the file extension .ids.bak (appended with a number, such as .ids.bak1, if there is already a file with this extension in the folder). Click OK to continue. The Upsize Security File dialog is displayed.
    5. Enter the name of the server for the site.
      Note: Do not select the Local option from the Server list.
    6. Select the security mode. This is Windows Authentication unless your SQL Server administrator directs otherwise.
    7. In Identifier, enter a site identifier, up to 5 characters long. The identifiers for the security connection file and the database at a site are generally the same but otherwise should be unique within the replicated system. For example, you might use the site identifier PUB for the security file at the publisher site and the publication database.
    8. Click OK to validate the settings and perform the upsize, and then click OK when it completes.

      The path of the security connection file will be displayed in the status area with (SSE) after the file name to indicate that it is now in SQL Server format.

    9. Repeat these steps for each site involved in replication.
    10. Back up the connection files (.ids files). If you lose a connection file, you are not able to log on at that site.
    Attention: Do not make any changes to the security data at the subscriber sites. You can rename the files if required but any other changes are lost when replication is configured. For information on file names, see Before creating any iBase databases.
  2. Protect the security connection file.

    In Windows, protect the SQL Server security connection file by making it read-only or by setting appropriate security permissions. This allows any user in iBase Designer to view the properties of the connection file but prevents anyone, including iBase security administrators, from changing the SQL Server connection details.

    You should also ensure that the security connection file is included in any backup schedules for the database folder.

  3. Assign an identifier to a security connection file:

    If you upsized the security file without entering an identifier, you can enter one now.

    1. Make sure that you have write access to the security connection file.
    2. In iBase Designer, select File > Security File Properties and enter the site identifier in the Identifier field.

What to do next

Next steps

Step Details
Security connection file

Tell your SQL Server administrator whether you need to replicate the security audit log.

After the security connection file exists:

  • At the publisher site, request the SQL Server administrator to configure a publication for the security file. You can add user groups of any type, add users, and assign them to groups, and define permissions for SCAC groups either before or after replication is configured (but you should not change the security data at the subscriber sites).
  • At each subscriber site, request the SQL Server administrator to configure the subscriptions. Do not change the security data at the subscriber sites until you are notified that replication is configured for these.

After replication is fully configured, test the replicated security file at each site.
Database preparation To continue, review the design of the database as discussed in Updating the Database Design. If no updates are required, see Preparing Existing Databases.