Hardening your database


  • 4/7/2015

Last updated 2 years ago


SQL Permissions

Typically, DotNetNuke sites are installed and run under dbo; however, DotNetNuke has a few options for sites that wish to operate under a reduced set of user permissions.

Installing/upgrading with non-dbo users

It's possible to install DotNetNuke with a non-dbo user. The minimum set of permissions required for DotNetNuke to install and run is a user that belongs to the db_datareader, db_datawriter, db_ddladmin and db_securityadmin roles. In addition, the user needs Execute rights to execute stored procedures.
Some upgrades may issue an error if db_owner permission has not been granted; in that case another user with db_owner permission will need to modify database settings manually, e.g. increment the database compatibility level when upgrading to DNN 7.4.0 or beyond.

The following blog details how to set up and use the relevant user.

Please note that 3rd party modules may require more permissions. In particular, modules (including the core Reports module) that support direct SQL will require more permissions, i.e. not just the ability to execute stored procedures.

Running under a lower user

DotNetNuke requires most of its permissions during installation and upgrading, as well as during installation/upgrading of some extensions. This is because these scripts contain DDL instructions such as SQL to create and modify tables and stored procedures.

However, outside these scenarios most sites simply execute stored procedures that contain DML instructions such as SELECT, INSERT, UPDATE and DELETE. To support this common configuration, DotNetNuke offers an optional upgradeConnectionString. The connection defined in this string is used for install/upgrade of core and modules, whereas the normal connection string is used for daily running of the site. A site wishing to lock down database permissions might set a dbo user as the upgrade connection string and, for the normal connection string, a user that only has read permissions (e.g. db_datareader) and the ability to execute stored procedures.
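The two accounts described in the sections above, as an added T-SQL example that is not part of the original article. The database name DnnSite, the logins dnn_install and dnn_runtime, and the password placeholders are assumptions; the install account here uses the minimum non-dbo role set rather than dbo.

```sql
-- Added example. Assumed names: database [DnnSite], logins [dnn_install]
-- and [dnn_runtime]. Replace the password placeholders before running.
USE [master];
GO
CREATE LOGIN [dnn_install] WITH PASSWORD = N'<install-password-placeholder>';
CREATE LOGIN [dnn_runtime] WITH PASSWORD = N'<runtime-password-placeholder>';
GO

USE [DnnSite];
GO
CREATE USER [dnn_install] FOR LOGIN [dnn_install];
CREATE USER [dnn_runtime] FOR LOGIN [dnn_runtime];
GO

-- Install/upgrade account (goes in upgradeConnectionString):
-- the minimum role set listed for a non-dbo install, plus EXECUTE.
-- ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later.
ALTER ROLE [db_datareader]    ADD MEMBER [dnn_install];
ALTER ROLE [db_datawriter]    ADD MEMBER [dnn_install];
ALTER ROLE [db_ddladmin]      ADD MEMBER [dnn_install];
ALTER ROLE [db_securityadmin] ADD MEMBER [dnn_install];
GRANT EXECUTE TO [dnn_install];

-- Runtime account (goes in the normal connection string):
-- read access plus EXECUTE only. Writes still work through stored
-- procedures via ownership chaining when procedures and tables share
-- an owner, but ad hoc INSERT/UPDATE/DELETE and DDL are refused.
ALTER ROLE [db_datareader] ADD MEMBER [dnn_runtime];
GRANT EXECUTE TO [dnn_runtime];
GO

-- Check 1: role membership of both accounts.
SELECT m.name AS account, r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name IN (N'dnn_install', N'dnn_runtime')
ORDER BY m.name, r.name;

-- Check 2: explicit permissions granted directly to each account.
SELECT p.name AS account, dp.permission_name, dp.state_desc, dp.class_desc
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS p ON p.principal_id = dp.grantee_principal_id
WHERE p.name IN (N'dnn_install', N'dnn_runtime')
ORDER BY p.name, dp.permission_name;
```

In the first check, dnn_runtime should appear with db_datareader only; any db_owner, db_ddladmin or db_datawriter row for it means the runtime connection is not locked down.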



Copyright 2017 by DNN Corp Terms of Use Privacy