Using a Windows-authenticated sde login in SQL Server

If you use an sde-schema geodatabase, you can use a Windows sde login instead of a SQL Server-authenticated sde login. To do so, create the Windows or domain login to be mapped to the sde user, add it to the SQL Server instance, create a database to be used to store your geodatabase, add an sde user and schema to that database, mapping the appropriate login to the sde user.

NoteNote:

You cannot use Windows-authenticated users if you are using an ArcSDE application server that is installed on a different server than your SQL Server instance. See technical article 36420 on the ArcGIS Resource Center for details.

Steps:
  1. Create a Windows login, which will be mapped to the sde user. This can be a domain login or a local Windows login on the server where SQL Server is installed.
    NoteNote:

    If the login is a local Windows login, it can only make local connections to the geodatabase; it cannot log in to the geodatabase from other computers.

  2. Add this login to the SQL Server logins collection on the SQL Server instance. This account will be used as the login that connects to SQL Server when the ArcSDE service starts, if you choose to use an ArcSDE service.
  3. Start SQL Server Management Studio and create a database.
  4. Open a new query window in Management Studio.
  5. Add the login to your new database as a user and create a default schema for the user by executing the following command. Be sure to replace the <domain or server name> with your domain or server name and <login name> with the actual login name.
    CREATE USER sde 
    FOR LOGIN <domain or server name>\<login name> 
    WITH DEFAULT_SCHEMA = sde;
    
    CREATE SCHEMA sde AUTHORIZATION sde;
    
  6. NoteNote:

    The schema name and database user name must be sde.

  7. Grant the sde user CREATE TABLE, CREATE VIEW, CREATE PROCEDURE, and CREATE FUNCTION privileges in the database.
    GRANT CREATE TABLE
    , CREATE VIEW
    , CREATE PROCEDURE
    , CREATE FUNCTION TO sde;
    
  8. Log in to Windows using the login account to create the geodatabase repository. You must be logged in as the new Windows account to perform this step.
  9. Start ArcCatalog or ArcMap and open the Catalog window.
    TipTip:

    Be sure the SQL Server Native Client is installed on the client computer so you can connect to the database.

  10. Add a database connection to the database you created in step 3. Use operating system authentication to connect.
  11. Right-click the database connection and click Enable Geodatabase.

    The Enable Enterprise Geodatabase opens and the Input Database text box is populated with the database connection.

  12. Browse to the ArcGIS for Server authorization file that was created when you authorized ArcGIS for Server, and add it to the Authorization File text box.

    When you use the wizard to authorize ArcGIS for Server, a keycodes file is written to the server where the software is installed. If you authorized ArcGIS for Server on a Linux box, the file was created in /arcgis/server/framework/runtime/.wine/drive_c/Program Files/ESRI/License<release>/sysgen. If you authorized on a Windows server, the file was created in Program Files\ESRI\License<release>\sysgen. If you have not already done so, authorize ArcGIS for Server to create this file.

  13. Click OK to run the tool.

If your geodatabase users will only connect directly to the geodatabase and you have installed the SQL Server native client on all client machines, your geodatabase setup is complete. If you will use an ArcSDE service for connections at your site, you must install the ArcSDE application server and create and start a service. See the ArcSDE application server for SQL Server installation guide for instructions.

Related Topics

11/14/2016