ApexSQL Audit 2016 and lower
This article describes how to set permissions for viewing ApexSQL Audit reports.
ApexSQL Audit offers web based reports through Internet Information Services (IIS). By default, access to these reports is granted to everyone except Anonymous Users. The default reports URL is localhost:41300. If there is another application that uses this port, ApexSQL Audit will take the next available one.
To control web report access, Internet Information Services Manager is required. Internet Information Service Manager is installed as a Windows feature:
- Open Control Panel
- Open Programs and Features
- Click Turn Windows features on or off
- Expand Internet Information Services
- Expand Web Management Tools
- Check IIS Management Console and IIS Management Service
- Click OK and wait for the installation process to finish
To allow or deny access to a specific user:
- Open Control Panel
- Open Administrative Tools
- Open Internet Information Services (IIS) Manager
ApexSQLComplyWebConsole is added as a website in IIS Manager
By default, Internet Information Services authentication is limited to Windows authentication only. If that is not the case, disable all other options except Windows authentication.
To control the web report logins, open .NET Authorization Rules
Add a rule to allow or deny access to a specific user, group, or role. These rules are applied from the first one in a list to the last.
For example, there are 5 different Windows users on the Production2 machine. Four of them need to have access ApexSQL Audit web reports, but JohnSmith doesn’t. A rule must be added to the .NET Authorization Rules to deny access to JohnSmith.
- Open .NET Authorization rules
- Right click and choose Add Deny Rule
- Choose Specified users
- Enter Production2\JohnSmith
- Click OK
After the rule is added, the .NET Authorization Rules show a new deny entry
Another example would be with 7 different Windows users on the Production2 machine. None of them should have access to ApexSQL Audit reports, except JohnDoe. A rule must be added to the .NET Authorization Rules that allows access to JohnDoe and denies it to everybody else, in that specific order.
After the rules are added, the .NET Authorization Rules show new allow and deny entries
These steps can be followed for every scenario: specific users, groups, and roles.