PANTHEON creates a SQL Server login for each PANTHEON user.

The PANTHEON use AD uses the SQL Server user AD.

If you attach a database from another server, users of that dabase exist for the database, but not for the server. To create SQL Server users from existing database users, use the AddUsers utility.

Passwords

PANTHEON uses SQL authentication of users and their passwords. A PANTHEON user is created as a SQL Server login with the same name.

To prevent users from accessing the database through a back door (e.g. using Excel, Access or Query Analyzer), the password is encrypted.

Example: the user AD has the password 1234, but this is stored as a$32wzhfdfi42_. Because the encryption algorithm is secret, the user cannot encrypt the password on his own. The password entered at PANTHEON logon is  encrypted and compared to the stored value.

Always change passwords in PANTHEON. You will not be able to logon to PANTHEON if you change passwords with a database manager or query utility.

If a user needs access to PANTHEON's data, create him or her a new SQL or NT login and allow it access only to the necessary tables. WARNING: a user with a NT login or one with a username that is longer than two characters will not be able to edit data in PANTHEON (because of UNDO triggers), but will be able to read them.

SysAdmin Users

At least one user must have SysAdmin privileges on the SQL Server instance. After installation, all users created by the installer (at least the AD user) have SysAdmin privileges.

The SysAdmin is able to add new users.

Setting a SysAdmin User in SQL Management Studio

Open SQL Management Studio, find the desired SQL Server instance, open the Security node, and then Logins.

In the list of users, double-click the user that you want to grant SysAdmin privileges. Check the box next to sysadmin.

PANTHEON's Administration Panel now shows that that user now has access to all databases on the server instance.

Access to some databases can also be revoked in PANTHEON.