Applies to ApexSQL Audit
This article describes how to set permissions to run the ApexSQL Audit GUI.
Solution #1 (applies to ApexSQL Audit 2018.05 and higher)
Starting with the 2018 R5 release, application level security has been added to ApexSQL Audit. Individual users or groups are no longer automatically green flagged and allowed to perform configuration, reporting or other tasks, and only the Windows login used to install ApexSQL Audit is added as ApexSQL Audit user after the installation. All other Windows users and Groups must now be manually added as ApexSQL Audit users in order to run any tasks. When users are being added, they can be awarded different permissions. Roles are administrator, power user and data reader roles:
- Administrator – has unlimited access to all application features
- Power user – has access to all application features except for the user administration
- Reader – can only create reports and schedules and see or run different checks. No access to configuration or tasks that could change auditing output
Managing accounts in ApexSQL Audit is very quick. To add or edit account, go to application Options in the main ribbon. Then, choose Manage accounts (1) tab and you will have access to the user configuration. Next, click on the Add (2) button and in the New user form (3) choose appropriate role for the user and provide users Windows login or Windows group name. Click OK (4) to complete the process
Solution #2 (applies to ApexSQL Audit 2018.04 and lower)
By default after the installation, Administrators and Users groups are granted permissions to execute the ApexSql.Audit.Gui.exe file – i.e. to run the ApexSQL Audit GUI. All examples below are based on a machine that belongs to Workgroup – the same logic applies to a domain.
How to deny access to a specific user
All users need to have access to the ApexSQL Audit GUI, except one – JohnSmith. A rule must be added to the Windows file properties that denies file access to JohnSmith.
Navigate to the folder where ApexSQL Audit is installed. By default c:\ProgramData\ApexSQL\ApexSQLAudit\Bin\
- Right click the ApexSql.Audit.Gui.exe and choose Properties
- Open the Security tab
- Click Edit
- Click Add…
Enter a username or group name
- Click OK
- The new entry will be added
Check all Deny options in the Permissions section
- Click OK
When this user tries to run the ApexSQL Audit GUI, the following error message is thrown
How to deny access to a group of users
To deny access to a whole group of users follow the steps described above. A rule must be added in the Windows properties that denies access to all users from the Guests group.