Security Model & Permissions
|
Security Model & Permissions |
|
|
Peer DRS Help > Getting Started > Security Model & Permissions |
The most important part of configuring Peer DRS is making sure that all components of the replication process have the proper permission to read and write to the drives or network share where the backup files are stored. To fully understand this concept you must realize that there are 3 distinct components to the replication process and thus three distinct perspectives for the user account that is executing each piece of the process:
| 1. | Backup: All backups are performed by the primary database server instance and the user account which that process runs under must have permission to execute the backup command as well as permission to write to the configured Backup Folder. |
| 2. | Copy: The user account that the Peer DRS application runs under must have read-write access to the shared Backup Folder as well as any configured Target File Copy Destination Folder since the application is responsible for performing all file copies. |
| 3. | Restore: All Target Database restores are performed by each configured Target Database Server instance and the user account which that process runs under must have permission to execute the restore command as well as permission to read from the configured Target File Copy Destination Folder. |
When using a network share as the Backup Folder, the network share must be specified as a UNC path e.g. \\server\directory and not as a mapped network drive, e.g. X:\directory since most database server installations are run as a service and will not have access to mapped network drives. Moreover, for network backups and restores to work, make sure your Primary and Target Database instances are NOT running under a system account. These services must run using a domain account and this domain account must have read and write permissions on the network share or drive. There are of course ways around this, but configuring the process to run under a domain user account is highly recommended.
Note: The MS Exchange Server replication module's backup and restore process works slightly different then this process, and as a result the security model is different. See the Exchange Backup & Restore Process section for more details.