Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ System Platform

TABLE OF CONTENTS

Set the SQL Server security mode

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedMay 14, 2025
  • 2 minute read

If you are an SQL administrator, you can use the SQL Access Configurator to set user privileges within SQL Server for accessing and using Galaxy databases (the Galaxy Repository). A shortcut to the SQL Access Configurator is created in the AVEVA folder when you install Application Server or Historian.

SQL Server configurator

User privileges are determined by the security mode. Two security modes are available:

  • Legacy mode. Authenticated users have the sysadmin privilege and are not restricted from any SQL Server activity, including creating, modifying, and deleting any SQL Server database.

    Select Legacy mode to ensure that users can perform all Galaxy operations. If users will frequently be restoring Galaxies created with previous versions of Application Server, this may be the preferred setting.

  • Enhanced security mode. This is the default setting. This mode removes the sysadmin privilege from Application Server users, and retains only the minimum privileges needed for usual operations.

    Select Enhanced Security mode for compliance with corporate or other IT security requirements or guidelines.

    If you use Enhanced Security Mode, you may be prompted to provide SQL sysadmin user credentials when restoring a Galaxy that was created with an older version of Application Server. You do not need sysadmin credentials to restore Galaxies created with the current version of Application Server.

    Enhanced Security Mode removes the SQL sysadmin role from, and adds the bulkadmin role to the following SQL logins:

    • NTAUTHORITY\SYSTEM

    • <NodeName>aaAdministrators (local security group that contains the Network Account)

To change the SQL security mode with the SQL Access Configurator

Warning: The SQL Access Configurator automatically restarts the computer to ensure system stability. If you select OK, you will not be able to cancel the restart.

  1. Select the SQL Server security mode:

    • Legacy Mode.

    • Enhanced Security Mode (default).

  2. Select the authentication type:

    • Windows authentication (default).

    • SQL Server authentication.

  3. Provide SQL sysadmin login credentials (User Name and Password).

  4. Select OK. The system will restart automatically.

  5. Optional: If you selected Enhanced Security Mode, open SQL Server Management Studio and look under Security\Logins. Check that the NTAUTHORITY\SYSTEM and <NodeName>aaAdministrators logins do not have the sysadmin server role.

    Note: The system performs a check prior to changing to Enhanced Security Mode. This is to ensure that at least one account will exist with the SQL sysadmin privilege after the change. If the system check determines that no accounts with the SQL sysadmin privilege will remain after changing modes, an error message will be displayed and security will remain in Legacy Mode.

TitleResults for “How to create a CRG?”Also Available in