If you'd like to save time setting the permissions for more than one user at a time, you can create a group in the Active Directory Domain Services. When a group is given access to an object (such as a PHDwin database), all members of the security group automatically receive the same access to the object. This group will represent and contain all of the users who will need to use PHDwin. If you prefer to assign privileges individually, it is much more time consuming (especially for a large group of users), but you can skip this step.

To create a domain group:

1.Log in to the server with the domain controller - the instance of SQL server used by PHDwin must have access to this domain controller.

2.Open up the Active Directory Users & Computers. This is found by opening Administrative Tools>Active Directory Users and Computers.

3.Find the domain that you would like to add the group to and expand it to find the Users grouping. Right-click on Users and select New>Group.

4.Give the group a Name and select the Group scope and group type. The group type should be "Security", the group scope will typically be "Global" but may depend on the rules and requirements of your company. Click OK to save the group.

5.Find the group that was created in the list of Users, right-click on it and choose Properties.

6.Click on the Members tab and then click on the Add button to add the first user to the group.

a.Under Select this object type, click on Object Types and make sure "Users" is selected.

b.Under From this location, make sure you are on the domain that you'd like to add users from. Click on Locations button to change this.

c.Type in all or part of the name of the first user that you'd like to add, and click on Check names. The user name should pop up, select it and hit OK.

d.Repeat this process for all of the PHDwin users that you'd like to be a part of this group.

7.Once you are finished adding users, click OK to save your changes.

More information on domain groups, including settings and adding or removing members can be found on Microsoft's website - https://msdn.microsoft.com/en-us/library/ms676913(v=vs.85).aspx.

Each domain group, if you're using them, or individual PHDwin user must be added as a login for the SQL Server that you've set up. This step can be skipped if you've installed SQL Server Express locally on your computer and you know that you are the System Administrator.

Adding a domain group as a login

1.Open up SQL Server Management Studio and connect to the instance you'll use to store PHDwin databases. The server must be a part of the domain that you created the group on.

2.Expand Security to find the Logins - right-click on Logins and select Add New.

3.Click on the Search button next to the Login name to search for the group that you created. This will open up a new window.

•Click on Object Types and make sure that Group is selected.

•Make sure the location underneath "From this location" is set correctly. You may need to click on the Locations button to choose the network that the group was created on.

•In the section that says "Enter the object names", type in the name of the group you created and click Check Names.

•The name of the group you were searching for should show up with the text underlined. Once the group is populated there, click OK to close the window.

4.Underneath the login name, you will choose the authentication method - Windows authentication or SQL Server authentication which allows you to specify a password for the group. If you use windows authentication, the domain will know which users are a part of the group and allow them to log in with the permissions for the group.

5.Go to the Server Roles tab.

•By default, the login will have a Public server role - this allows the users in the group login to connect to the SQL Server and View any database. They will not be able to create a database, or alter a database, which are both required to utilize PHDwin databases. These all must be explicitly granted if you only leave the login set to a Public server role.

•It is recommended that you also choose to make the login a DB Creator. This allows them to create any database as well as assigns them to be a user in new databases that are created, so you do not need to add the group login as a user in each new database manually.  

•You can also optionally make the user a System Admin. This gives them the ability to do anything they'd like to the server or databases. You will not need to worry about granting any other permissions or adding the login to a specific database if you choose this option. You can skip the rest of the permissions instructions for any users that are System Admins.

6.Go to the Securables tab and click on Search. A window will pop up asking which objects you'd like to add. Choose the last one - which should be the server you are connected to, and click OK.

7.On the bottom half of the Securables tab, you will choose the explicit permissions that are granted to the login for the entire server(any database). It is not required that you add permissions here. However, if you do not add the permissions here, you'll have to add the login as a user for each database, and the users in the group login may not be able to create or alter (edit) databases. The recommended settings here are to check the box to grant permissions to Alter any database, Connect SQL and Create any database. These options will allow users of the group login to create new PHDwin databases and edit them, run reports, etc. If you do not wish to grant these permissions at the server level, a system admin or someone with the proper permissions will have to create the databases and then you will have to assign the group login as a user in the databases you'd like them to have access to.

8.Click OK to save your changes.

Adding an individual user as a login

1.Open up SQL Server Management Studio and connect to the instance you'll use to store PHDwin databases. The server must be a part of the domain that the user exists on.

2.Expand Security to find the Logins - right-click on Logins and select Add New.

3.Click on the Search button next to the Login name to search for the user you're trying to add. This will open up a new window.

•Click on Object Types and make sure that User is selected.

•Make sure the location underneath "From this location" is set correctly. You may need to click on the Locations button to choose the network that the user exists on.

•In the section that says "Enter the object names", type in the name of the user you are looking for and click Check Names.

•The name of the user should show up with the text underlined. Once it is populated there, click OK to close the window.

4.Underneath the login name, you will choose the authentication method, it can be either Windows authentication or SQL Server authentication which allows you to specify a password for the user. If you use windows authentication, PHDwin will not require an additional password for this user to login.

5.Go to the Server Roles tab.

•By default, the login will have a Public server role - this allows the user login to connect to the SQL Server and View any database. They will not be able to create a database, or alter a database, which are both required to utilize PHDwin databases. These all must be explicitly granted if you only leave the login set to a Public server role.

•It is recommended that you also choose to make the login a DB Creator. This allows them to create any database as well as assigns them to be a user in new databases that are created, so you do not need to add the group login as a user in each new database manually.  

•You can also optionally make the user a System Admin. This gives them the ability to do anything they'd like to the server or databases. You will not need to worry about granting any other permissions or adding the login to a specific database if you choose this option. You can skip the rest of the permissions instructions for any users that are System Admins.

6.Go to the Securables tab and click on Search. A window will pop up asking which objects you'd like to add. Choose the last one - which should be the server you are connected to, and click OK.

7.On the bottom half of the Securables tab, you will choose the explicit permissions that are granted to the login for the entire server (any database). It is not required that you add permissions here. However, if you do not add the permissions here, you'll have to add the login as a user for each database, and the user may not be able to create or alter (edit) databases. The recommended settings here are to check the box to grant permissions to Alter any database, Connect SQL and Create any database. These options will allow users of the group login to create new PHDwin databases and edit them, run reports, etc. If you do not wish to grant these permissions at the server level, a system admin or someone with the proper permissions will have to create the databases and then you will have to assign the login as a user in the databases you'd like them to have access to.

8.Click OK to save your changes.

After you've set up all of your group or individual logins, you may want to assign them to individual PHDwin databases. This will be necessary if the login was not explicitly granted Create and Alter permissions, or if you'd like to enable additional database permissions, such as the ability to backup databases. In addition, you will definitely have to add the logins to the shared databases - PhdReports, PhdDefaults, PhdRules and PhdUsers.

To add a login as a user to any database:

1.Open up SQL Server Management Studio and connect to the instance used for PHDwin databases

2.Go to the list of Databases and find the database you're trying to add the user to. Expand the options to find Security. Right-click on Security and select New>User.

3.This will open a new window. Click on the browse button next to the Login Name and type in all or part of the name of one of the logins you previously created and would like to add as a user to this database. Click on Check Names or you can Browse the list of all the logins on the server to select it, and click OK.

4.Go to the Securables tab and click on the Search button to find the database to add.

•A new window will pop up asking which object types you'd like to add. You can choose the second option which is "All objects of the type..." and click OK.

•In the next window that pops up with the object types, put a check mark next to Databases and click OK. This will automatically select and add the current database for you.  

5.Once you've selected the database on the top half of the window, the bottom half of the Securables tab will display the options you have to grant the proper permissions for the database you're adding users to. Below are the minimum and recommended permissions you'll need to grant depending on the database and login permissions.

•If the login is a System Admin - you do not need to add the login to any specific database. This type of login has permissions to access all databases and perform any task necessary on the server.

•If the login is set to Public and DB Creator with Create and Alter permissions OR if the login is set to Public with Create and Alter permissions:

oFor the PhdDefaults, PhdReports, PhdRules and PhdUsers or any project databases -

•Required - connect, delete, execute, insert, select, update

•Optional - backup database, backup log, delete

•If the login is set to Public with no explicit permissions -

oFor the PhdDefaults, PhdReports, PhdRules & PhdUsers or any project databases -

•Required - connect, delete, execute, insert, select, update

•Optional - backup database, backup log

oFor all other PHDwin project databases - this login will not be able to create project databases. Another login with the proper permissions will have to do that, and then you will have to manually add them as a user to each PHDwin project database that you'd like them to have access to.

•Required - connect, delete, execute, insert, select, update,

•Optional - backup database, backup log

6.Click OK.