AddAuditServerAccount method

Adds a management database account to the list of accounts allowed to access this audit store database.

Syntax

void AddAuditServerAccount(
	string userName,
	bool isWindowsAccount
)

Parameters

Specify the following parameters when using this method.

Parameter Description

username

The user name of the management database account you want to add. If the account is a Windows system account, use the Windows domain account name for this parameter.

bool

Set to true if the account you’re adding is a Windows system or domain account; otherwise, false.

Errors

The AddAuditServerAccount method may throw one of the following exceptions:

  • Centrify.DirectAudit.Common.Logic.AuthenticationException if you do not have permission to connect to the Microsoft SQL Server instance or the management database.
  • Centrify.DirectAudit.Common.Logic.ConnectDatabaseException if you cannot connect to the Microsoft SQL Server instance either because the Microsoft SQL Server instance is not running and does not allow remote connections.
  • Centrify.DirectAudit.Common.Logic.UnauthorizedException if you do not have the Manage SQL Login permission on the audit store.

Discussion

When you attach a new database to the audit store, you must set the database to allow access by the management database account. If the management database account is a Windows system account, you must explicitly specify the Windows domain account name in the username parameter. For other Windows accounts and for SQL accounts, you can pass the management database’s Account.UserName property to this method as the user name.

Example

The following code sample first checks each account to see if it’s a Windows system account. If the installation does not use a system account, the code passes the Account.UserName property to the AddAuditServerAccount method as the user name. If the installation uses a system account, it passes the Windows domain account name instead.

...



' Grant permission to management database to access the audit store database

SET objAuditServers = objInstallation.AuditServers

FOR EACH objAuditServer IN objAuditServers

SET objAuditServerAccount = objAuditServer.OutgoingAccount

IF NOT objAuditServerAccount.IsSystemAccount THEN

	objAuditStoreDatabase.AddAuditServerAccount & _ 

		objAuditServerAccount.UserName, & _ 

		objAuditServerAccount.IsWindowsAccount

        wscript.echo "Added management database account '" & objAuditServerAccount.UserName & "'."

    ELSE

'Add management database accounts for those management databases running in 

' system account; e.g. NT Authority/Network Service

'

DIM strAuditServerAccount

DIM isAuditServerWindowsAccount

isAuditServerWindowsAccount = true

strAuditServerAccount = "DOMAIN\MACHINE$"

objAuditStoreDatabase.AddAuditServerAccount strAuditServerAccount, & _ 

	isAuditServerWindowsAccount

wscript.echo "Added management database account '" & strAuditServerAccount & "'."

END IF

NEXT

See also