Partager via


What Are the SQL Server Security Requirements for Profiles?

The Profiles System uses SQL Server roles to determine which actions users have permissions to perform. Two roles control access to profile definitions, and three roles control access to instances of profiles.

The following list describes the roles that control access to profile definitions:

  • Profile_Schema_Manager: Allows for create, read, write, and delete access to profile definitions.

  • Profile_Schema_Reader: Allows for read access to profile definitions.

The following list describes the roles that control access to instances of profiles:

  • Profile_Runtime: Allows for create, read, write, and delete access to instances of profiles.

  • Profile_Reader: Allows for read access to instances of profiles.

  • Profile_User_Reader: Allows for read access to instances of the UserObject profile.

If you add or delete SQL tables that the Profiles System uses, you must update the Profile_Runtime and Profile_Reader roles to reflect the changes. If you add or delete SQL tables that affect the UserObject profile, you must also update the Profile_User_Reader role to reflect the changes.

You must assign specific SQL Server roles to the user accounts or security groups that are used to perform different activities. The following list identifies the roles required for each activity:

  • To run the customer-facing Web application: Profile_Schema_Reader and Profile_Runtime

  • To run the Profiles Web service: Profile_Schema_Manager and Profile_Runtime

  • To run the Marketing Web service: Profile_Schema_Reader and Profile_User_Reader

  • To run the Direct Mailer: Profile_Schema_Manager and Profile_User_Reader. Assign these roles to the DML_SG security group.

  • To create profile definitions: Profile_Schema_Manager

  • To create, read, modify, or delete instances of any profile: Profile_Schema_Reader and Profile_Runtime

  • To view users: Profile_Schema_Reader and Profile_User_Reader

  • To view instances of any profile: Profile_Schema_Reader and Profile_Reader

To assign roles to a user account or security group, use the SQL Server Management Console to edit the user account's properties or the security group's properties.

See Also

Other Resources

Before You Start Developing with the Profiles System