Security Settings

Various COM and DCOM applications, and Windows services are used in CampusNexus CRM. Users must be given access to these components in addition to permissions to other files and folders accessed by CampusNexus CRM.

Database Servers

The MSSQL Server Service, and MSSQL Server Agent on all CampusNexus CRM Database Servers must run using a single Domain account which is a member of the Windows Administrators group, and the SysAdmin SQL Server role. By default, the TalismaAdmin user is the owner for all CampusNexus CRM Jobs.

The following table describes the roles required for the various CampusNexus CRM user accounts.

CampusNexus CRM User Accounts
Account Name Security Type SQL Server Role Database Role for each database
Talisma Admin Application SysAdmin
  • Master: public
  • MSDB: public, TargetServersRole
  • DBs: public, db_owner
Windows User under which CampusNexus CRM is installed Trusted SysAdmin
  • Master: public
  • MSDB: public, TargetServersRole
  • DBs: public, db_owner
Talisma Internal Account

(Name = Talisma<License>)

 Application None
  • Master: public
  • MSDB: public, TargetServersRole
  • DBs: public, db_owner
Talisma Internal Account

(Name = Talisma<GUID>)

 Application None
  • Main
  • Database: public
Data Import Account (Name = TalismaDSN) Application SysAdmin
  • Master: public
  • MSDB: public, TargetServersRole
  • DBs: public, db_owner

CRM Services

The following table lists the accounts that must be used to log on to the respective CRM Services.

CRM Services Accounts
Service Name Log On Credentials
Job Service Domain Account
Campaign Dispatcher Domain Account and SQL Server User
Health Check Service Domain Account
Webform Sync Service Domain Account
Scheduled Report Service Domain Account

Notes:

The following components on the Scheduled Report Service computer must also work in the same domain account as the service:

  • TlRptToFile
  • Microsoft Excel Application

If a service is managed remotely using Database Administrator, the service must run using the Administrator account.

Application Server Service

The Application Server service is configured to run under the Interactive User account, which requires the user to be logged on to the computer on which Application Server is installed.

You can also configure the Application Server service to run under a Domain account. To do so:

  1. From the Start menu of the Application Server computer, select Settings, Control Panel. The Control Panel is displayed.

  2. Double-click the Administrative Tools icon. The Administrative Tools screen is displayed.

  3. Double-click the shortcut for Component Services. The Component Services screen is displayed.

  4. Expand the following nodes: Component Services, Computers, My Computer, and COM+ Applications. All COM+ applications are listed.

  5. Right-click the Application Server component, and select Properties from the shortcut menu. The COM+ Application Server Properties dialog box is displayed.

  6. Select the Identity tab.

  7. In the Account area, select the This user option, and click Browse to locate a user who has administrative privileges on the Application Server computer.

  8. Specify a password for the user in the Password field.

  9. Type the password again in the Confirm Password field.

  10. Click OK. Application Server is now configured to run using a Local Administrator account.

Notes:

  • The Domain User must have the Launch, and Access permissions.

  • The CampusNexus CRM Information Server DCOM Application must have Launch, and Access permissions.

Web Servers

The following table lists the permissions, and user accounts that must be configured using IIS Manager for the various CampusNexus CRM virtual directories.

CampusNexus CRM Virtual Directories
Virtual Root Name Directory Security Permission
Business Administrator

Read

Execute: Scripts, and Executables

Anonymous access, mapped to a guest account.
Media Web Server
WebTrak Web Server
Media Upload Virtual Root
Scripting
Web Client

Notes:

  • It is recommended that you use SQL Roles with Windows users or groups added to the role. However, the following accounts use local groups:

    • Talisma Admin
    • Windows User under which CampusNexus CRM is installed
    • Talisma Internal Account (Name = Talisma<License>)

  • While no other account must have dbo access, the SQL dbo must have access to all database objects. The Talisma internal account has SQL dbo access.

  • For the Scripting virtual directory, type a Windows NT user name and password. This user must have access to the Main Database.