Skip to main content

Database Users

Begin your SEI installation by creating dedicated database users. Secure database access is essential for reliable and maintainable deployments. SEI provides scripts to help you set up users for both Oracle and SQL Server, ensuring each account has the necessary—and only the necessary—permissions.

Choose your environment to get started:

PlatformInstruction
OracleCreate Oracle users and tablespaces.
SQL ServerCreate SQL Server users. Follow the steps in the authentication section below.

Recommendations for production environments

To reduce risk and minimize performance impact on your ERP, connect SEI to a replicated (duplicate) database rather than to the production database itself. This approach isolates analytics workloads, enhances security, and prevents reporting activity from affecting daily operations.

Keep in mind:

  • Offload SEI queries to a replica to avoid extra load on production.
  • Database replication increases complexity and requires ongoing maintenance.
  • Ensure your SEI server is sized appropriately for its workload.
  • For Sage X3 on SQL Server, use DataSync for ERP replication.

SQL Server Authentication

When installing on SQL Server, SEI requires an administrator login for database deployment.

While the built-in sa account provides full permissions, it is strongly recommended to create and use a dedicated SQL Server login for SEI. This approach improves security and eliminates reliance on the sa account for routine access.

Create a dedicated SQL Server login

Use a custom login for secure access:

  1. Assign the sysadmin role to your SEI login during the installation process.
  2. After installation is complete, you can remove the sysadmin role.
    The SEI login will retain dbo (database owner) rights for SEI databases and will have db_owner role by default.
  3. If the login was created after running the installer, confirm correct database mapping and permissions in SQL Server Management Studio (SSMS).
  4. For maximum compatibility, leave the db_owner role selected. For a more restrictive, minimum set, select only:
    • db_datareader
    • db_datawriter
    • db_ddladmin

Enable Windows Authentication

Windows Authentication provides secure, credential-free access with native integration to your Windows environment. This method avoids password exposure and leverages Windows account security.

note

The same database permissions are required, whether you use SQL Server authentication or Windows authentication.

  1. Open SQL Server Management Studio (SSMS).
  2. Connect to your SQL Server instance with an administrator account.
  3. In Object Explorer, expand the Security node.
  4. Right-click Logins, then select New Login.
  5. In the Login dialog:
    • Select Windows authentication.
    • Click Search and find the Windows user account, such as YourMachineName\NecBIAccount.
    • Click Ok.
  6. Under Logins, double-click your new user’s entry.
  7. In the left pane, select Server Roles and choose sysadmin for installation, or map only the required database roles after install.
  8. In User Mapping, select the databases and assign the appropriate roles (use the same minimum or maximum set as for SQL authentication).
  9. Click Ok to save.

Log shipping and limitations

If you plan to use SQL Server Log Shipping:

  • Expect a delay in reporting data, as updates to the replica are not instantaneous.
  • Users may occasionally experience bried UI connection losses during replica updates.
  • OLAP Manager is not compatible with log-shipped (read-only) databases, as a writable replica is required for trigger and tracking table management.