Permitting Access to Snapshot Tables

Do not give your users the same credentials EnterWorks uses to connect to the database. The EnterWorks user account has full access to the database. Allowing your users full access to the database not only poses a security risk, it also risks system and data stability, as it will allow your users to read and write to system and product tables. Do not give users full access to the EnterWorks database.

Also, follow your enterprise policy and procedures for granting access to users to ensure sensitive data is not exposed, including passwords. You may want to limit a user group’s access to only the objects they need to access.

When granting access to users, grant access to roles (user groups) rather than individual users. This follows EnterWorks’s user management best practices as it makes controlling user access easier and more efficient.

While granting access at the object level, (meaning a user can query only particular views), gives you the tightest control, it also requires the greatest amount of maintenance. Each time a snapshot table is rebuilt, the user must be re-granted access. You may want to consider writing a script to grant access and either allowing the user to run it, to have a process run it periodically, or to run it after any data model changes.

Another way to ensure the user has access to the latest view is to allow them the ability to access to all views in the database. This has the benefit of avoiding the need to re-grant view access each time a snapshot table is rebuilt.