How to allow or deny certain user access to the ApexSQL Audit GUI

Applies to ApexSQL Audit

Summary

This article describes how to set permissions to run the ApexSQL Audit GUI.

Solution #1 (applies to ApexSQL Audit 2018.05 and higher)

Starting with the 2018 R5 release, application level security has been added to ApexSQL Audit. Individual users or groups are no longer automatically green flagged and allowed to perform configuration, reporting or other tasks, and only the Windows login used to install ApexSQL Audit is added as ApexSQL Audit user after the installation. All other Windows users and Groups must now be manually added as ApexSQL Audit users in order to run any tasks. When users are being added, they can be awarded different permissions. Roles are administrator, power user and data reader roles:

  • Administrator – has unlimited access to all application features
  • Power user – has access to all application features except for the user administration
  • Reader – can only create reports and schedules and see or run different checks. No access to configuration or tasks that could change auditing output

Managing accounts in ApexSQL Audit is very quick. To add or edit account, go to application Options in the main ribbon. Then, choose Manage accounts (1) tab and you will have access to the user configuration. Next, click on the Add (2) button and in the New user form (3) choose appropriate role for the user and provide users Windows login or Windows group name. Click OK (4) to complete the process

Solution #2 (applies to ApexSQL Audit 2018.04 and lower)

By default after the installation, Administrators and Users groups are granted permissions to execute the ApexSql.Audit.Gui.exe file – i.e. to run the ApexSQL Audit GUI. All examples below are based on a machine that belongs to Workgroup – the same logic applies to a domain.

ApexSQL Audit GUI properties

How to deny access to a specific user

All users need to have access to the ApexSQL Audit GUI, except one – JohnSmith. A rule must be added to the Windows file properties that denies file access to JohnSmith.

Navigate to the folder where ApexSQL Audit is installed. By default c:\ProgramData\ApexSQL\ApexSQLAudit\Bin\ i.e. 2015.2.1234.0\

  1. Right click the ApexSql.Audit.Gui.exe and choose Properties
  2. Open the Security tab
  3. Click Edit
  4. Click Add…
  5. Enter a username or group name

    The Select Users or Groups dialog

  6. Click OK
  7. The new entry will be added
  8. Check all Deny options in the Permissions section

    Permissions for ApexSQL Audit GUI

  9. Click OK

When this user tries to run the ApexSQL Audit GUI, the following error message is thrown

Error message

How to deny access to a group of users

To deny access to a whole group of users follow the steps described above. A rule must be added in the Windows properties that denies access to all users from the Guests group.