The iMIS installer needs a sysadmin (System Administrator) account and password on your SQL Server because it creates special logins on the iMIS instance to enable system-level authentication between iMIS and SQL Server. These special logins spare iMIS users from needing a defined login or user on the SQL Server instance or iMIS database.
What access do I need?
To implement iMIS, these are the database permissions that you need:
1. Attach database (sysadmin): To attach iMIS to a new database, the installer needs a sysadmin account. You can use your sa account for this.
2. Use database (db_owner): To authenticate users to access your iMIS database instance, you just need a db_owner account.
If you are upgrading an existing iMIS database, you do not need a sysadmin account because the database is attached already.
Do I have to expose my sa password?
You can install iMIS without having to give your database's sa (System Administrator) user password to anyone. The installer uses the specified system administrator account to do tasks such as attaching the database, but it does not retain this account's information anywhere. As soon as installation completes, you may delete the temporary sysadmin account as long as you supplied a separate login for iMIS to run under.
Follow the steps below to use a temporary sysadmin account in place of your sa account:
To create a temporary sa account
For optimal security, create a temporary sysadmin account to use during installation.
1. Open Microsoft SQL Server Management Tools.
2. Using the sa login, connect the service that will host your iMIS database.
3. Go to Service > Security, right-click and select New > Login.
4. Enter a Login name (example: sa_temp).
5. Select SQL Server Authentication.
6. Enter and confirm a password.
Caution! Special characters in the password can disrupt command-line processing, so use only alphanumeric characters and ! # @, with no spaces. You may use hyphens and underscores after the first character, but avoid all other punctuation and symbols.
7. Deselect Enforce password policy.
8. On the Server Roles tab, select sysadmin.
9. Select OK.
10. Disconnect from the SQL service and verify that you can log into the service using the new login.
11. Only after installation is finished and verified, return to Microsoft SQL Server Management Tools and delete the temporary account.
To create a SQL account for iMIS to run under
For optimal security, create a separate account for iMIS to use to access to your database.
1. Open Microsoft SQL Server Management Tools.
2. Using the sa login, connect the service that will host your iMIS database.
3. Go to Service > Security, right-click and select New > Login.
4. Enter a Login name (example: imis_db).
5. Select SQL Server Authentication.
6. Enter and confirm a password.
Caution! Special characters in the password can disrupt command-line processing, so use only alphanumeric characters and ! # @, with no spaces. You may use hyphens and underscores after the first character, but avoid all other punctuation and symbols.
7. Deselect Enforce password policy.
8. Select OK.
9. Disconnect from the SQL service and verify that you can log into the service using the new login.