Using a Windows-authenticated sde login in SQL Server
If you use an sde-schema geodatabase, you can use a Windows sde login instead of a SQL Server-authenticated sde login. Keep in mind that the ArcSDE Post Installation wizard always creates a SQL Server-authenticated sde login. To work with a Windows sde login, you must complete most of the postinstallation setup manually.
Note:You cannot use Windows-authenticated users if you are using an ArcSDE application server that is installed on a different server than your SQL Server instance. See technical article 36420 on the ArcGIS Resource Center for details.
-
Create a Windows sde login. This can be a domain login or a local Windows login on the server where SQL Server is installed.
Note:
If the sde user is a local Windows login, it can only make local connections to the geodatabase; it cannot log in to the geodatabase from other computers.
- Add this login to the SQL Server logins collection on the SQL Server instance. This account will be used as the login that connects to SQL Server when the ArcSDE service starts, if you choose to use an ArcSDE service.
- Use a SQL Server client, such as Management Studio, to create a database.
- Open a new query window in Management Studio.
- Add the sde login to your new database as a user and create a default schema for the user by executing the following command. Be sure to replace the <domain or server name> with your domain or server name.
- Grant the sde user CREATE TABLE, CREATE VIEW, CREATE STORED PROCEDURE, and CREATE FUNCTION privileges in the database.
- Log in to Windows using the sde account to create the ArcSDE geodatabase repository. You must be logged in as the Windows sde account to perform this step.
-
Use the sdesetup command to create and populate the ArcSDE geodatabase repository. For example:
sdesetup –o install –d SQLSERVER –D mydatabase –s gis1 –l arcsde.ecp
This command creates a geodatabase in a database named mydatabase on a server named gis1. No user name or password is provided, so the connection to the database is made as the user who is logged in when the command is run. Since the command was run by the Windows sde login, all the objects created in the database are stored in the sde user's schema.
-
Once you receive your authorization file, run sdesetup with the update_key operation. For example:
sdesetup –o update_key –d SQLSERVER –D mydatabase –s gis1 –l arcsde.ecp
- If you want to use an ArcSDE service to connect to the geodatabase, complete the remaining steps. Otherwise, you do not need to complete these steps.
- Start the ArcSDE Post Installation wizard to create an ArcSDE service if you use one at your site.
- When the wizard opens, click the Custom button.
- Click Next to proceed to the Select ArcSDE Setup Wizard Option dialog box.
- Deselect the first three options. Only Create ArcSDE Service should be selected.
- Click Next.
- Choose DBO Schema on the Select schema dialog box. Even though you are creating a service that connects to an sde-schema geodatabase, you must create the service as if it were a dbo schema.
- Click Next to open the ArcSDE Service Information dialog box.
- Type your service name and port number.
- For the ArcSDE DBA Login, type the full name of the Windows sde login (for example, domain\sde).
- Type the password of the Windows sde login in the ArcSDE DBA Password field.
- In the Database field, type the name of the database you created in step 2.
- Verify that the remaining information is correct, then click Next.
- Click Finish when the service is created and started successfully.
CREATE USER sde FOR LOGIN <domain or server name>\sde WITH DEFAULT SCHEMA = sde;
Note:The schema name and user name must be sde.