VIDIZMO application comprises of a set of different components such as front-end web application, back-end windows services, WCF services, Database etc. VIDIZMO uses SQL Server as a database to store and retrieve application data, and as a typical web application requires an authenticated connection to the database.  For this purpose, a service account needs to be configured in the SQL Database for authentication and the right permissions for authorized access to the VIDIZMO databases.


This article describes the database service accounts that are required by VIDIZMO application to connect to the SQL Server, the minimum permissions required for these accounts and how to change the password in case the service account's password expires.


Note: VIDIZMO recommends setting these service account password to never expire. However, customer's IT security policies may not allow use of passwords that never expire and have a password rotation policy, in which case this process can be followed.



SQL Service Accounts & Permissions


There are two service accounts required for SQL Server, one is used to access the databases while other is used to configure SQL Reporting services. 


Service Account to access Data

VIDIZMO uses following four databases in SQL Server to store its data:


1. VIDIZMODB

2. SystemInformation

3. VIDIZMONotificationSystem

4. Logging



There are different permissions required by the service account to be able to read and write data to these databases in SQL Server. These permissions are:

Db_datareader: The db_datareader gives implicit access to SELECT against all tables and views in a database.

Db_datawriter: The db_datawriter gives implicit access to INSERT, UPDATE, and DELETE against all tables and views in a database.

Db_execute: The db_execute gives implicit access to execute Stored Procedures in a database.

Db_ddladmin: The db_ddladmin can create, drop, and alter objects within the database. This is required to manage the Full Text indexes used by VIDIZMO.



This service account must have the following minimum permissions on each database listed above:


1. VidizmoDB:

Db_datareader

Db_datawriter

Db_execute

Db_ddladmin


2. SystemInformation:

Db_datareader

Db_datawriter

Db_execute


3. VidizmoNotificationSystem:

Db_datareader

Db_datawriter

Db_execute


4. Logging:

Db_datareader

Db_datawriter

Db_execute



Service Account for SQL Reporting service


The other service account is used for SQL Reporting Service and it requires sysadmin role as it creates and updates Reporting databases in SQL Server database engine.



How to Change SQL Service Account Password in VIDIZMO Application


The following section covers the steps that need to be taken when a SQL Server account password needs to be changed due to expiry or any other reason. In such cases, the password needs to be updated in two places, one is in the application server registry while the other is web interface of SQL reporting services.


Note: This process involves downtime for the duration starting when the password is changed in the SQL Server to when the new password is configured in all VIDIZMO application instances and SQL Reporting Services. If this is a production environment, please make sure to provide sufficient notice of downtime for scheduled maintenance, ideally at an off-peak time.



How to update password in application server registry

Follow the steps given below to update password in application server registry.


1. On the Web Server where VIDIZMO application is installed, open Registry Editor by typing regedit command in Run window ( Win+R to open the Run dialog ), see below image.




2. Following screen should appear.




3. Navigate to HKEY_LOCAL_MACHINE >> SOFTWARE to open VIDIZMO keys at following registry paths:


HKEY_LOCAL_MACHINE >> SOFTWARE >> VIDIZMO

HKEY_LOCAL_MACHINE >> SOFTWARE >> WOW6432Node >> VIDIZMO



4. Update the password in string values of following three resources, as shown in below image. Perform the same step for both keys mentioned above.


notificationconnection

sysinfo

connection



How to update password in SQL Reporting Services Manager (web interface)


1. Click on Start icon and search Report Server Configuration Manager in your system and open it.




2. It will require a connection to the server as soon as it opens. Enter the Server Name and Report Server Instance in respective fields and click on Connect.




3. From the left panel, select Database and click on the highlighted Change Credentials option as shown below.




4. From the Change Credentials screen under Database Server tab, select Authentication Type and select SQL Server Account from the drop-down menu and type the current SQL Service Account User Name and Password. Click Next to proceed.




5. Under Credentials tab, enter new Password against your username. Click Next to proceed.




6. Under Summary tab, verify that you have changed password for the intended user on the intended SQL Server Instance. Once you have verified the information, click Next.




7. Under Progress and Finish tab, you will see the process being executed until completed successfully.




Once the new password has been configured, access your VIDIZMO Portal in your browser to make sure it is working properly.