Database Roles


The UAAR Enterprise DataLog controls access to the database through SQL Database Roles. Fourteen roles control which tables, views, and stored procedures a specific user can access. The SQL “public” role is not granted any permissions in the UAAR Database.


Database roles can be assigned directly to Windows Domain Accounts or Domain Groups to provide integrated security. Although it is possible to access the Enterprise database through SQL Accounts, it is not recommended.


All of the Database roles can be assigned in the UAAR DataLog directly. However, these roles can also be assigned directly in the database using Enterprise Manager or SQL.




Role Definitions


UAAR_BusinessAdmin [Applies to DataLog, ClickForms, Maven]
These users have access to set up Rule Sets and the Sale Index. As part of that setup, they can control the Server Responses. This includes marking responses as approved and merging responses to clean up sale data. The UAAR_BusinessAdmin role is also required to delete sales from the Enterprise database.


UAAR_DeleteSales [Applies to DataLog]
This access is intended for the user who is not a BusinessAdmin user, but who needs to be able to delete sales.


UAAR_MavenApi [Applies to Maven]
Used for third parties to access the read only API functions.


UAAR_MavenApiWrite [Applies to Maven]
Used for third parties to access the read only API functions.


UAAR_MavenUser [Applies to Maven]
This role is needed to log into the Maven website. It does not grant any access beyond logging in. In order to see any data or do any work users will need additional roles.


UAAR_MessageCreation [Applies to None]
Not Used


UAAR_ModelAdmin [Applies to Maven]
User can create, edit and approve models. This includes everything under the top level “Setup” item


UAAR_ModelEditor [Applies to Maven]

User can edit existing models.


UAAR_PowerUser [Applies to None - intended for third party reporting]
This user has all of the same rights as the UAAR_User. In addition, the Power User has read access to additional supporting tables and views. This access is intended for users who need direct access to the database for ad hoc reporting.


UAAR_RangeSetup [Applies to DataLog]
The user can setup and Maintain Range of Values in DataLog


UAAR_ReadOnly [Applies to DataLog]
This user has access to search for and view sales in the database but cannot execute the stored procedures that insert or update sales data.


UAAR_ReportCreate [Applies to Maven]
User can create a new appraisal or evaluation. This user automatically has the  UAAR_SubjectEntry permissions as well.


UAAR_ReportSupervisor [Applies to Maven]
Allows the user to apply a second signature to complete reports started by trainees.


UAAR_ReportView [Applies to Maven]
User can search for and view appraisal reports or evaluations saved in the system.


UAAR_SubjectEntry [Applies to Maven]
Allows the user to enter new subject properties


UAAR_SystemAdmin [Applies to DataLog, Maven]
This user has access to set up Database Roles and Access Groups. In order to set up Database Roles for new users, a SQL database user may need to be added. To accomplish this the UAAR_SystemAdmin role is granted the system role of db_securityadmin. If a domain account or group is given access to a database role and that user is not a user in the database, the system stored procedure sp_grantDBaccess is executed to grant that user access.


UAAR_User [Applies to DataLog, ClickForms]
This user has access to search for and view sales and insert or update sales. In order to insert or update sales, users must also have permissions to a specific Access Group.

--------

UAAR_WebService [Applies to Maven]
This role should not be assigned to end users. It should be used by the service account connecting to the database from the Web Application.  



AG_AddCommidity [Applies to Chattel]
Users can add commodities in the setup section.

AG_AddConditions [Applies to Chattel]

Users can add conditions in the setup section.

AG_AddMakeAndModel [Applies to Chattel]
Users can add makes and models in the setup section.

AG_AddTypes [Applies to Chattel]

Users can add types in the setup section.

AG_BusinessAdmin [Applies to Chattel]

Users have access to the setup section.


AG_ChattelUser [Applies to Chattel]

Users have access to Chattel.

AG_MobileApp [Applies to Chattel]

Users authorized to use the Mobile App.


AG_ModelAdmin [Applies to Chattel]

Users can edit templates in the Setup section


AG_ModelEditor [Applies to Chattel]

Users have access to the Setup tab.


AG_ReadOnly [Applies to Chattel]

Users with access to search sales.


AG_ReportCreate [Applies to Chattel]

Users can create reports.

AG_ReportSupervisor [Applies to Chattel]

Users Allowed to Rollback Valuation.


AG_ReportView [Applies to Chattel]

Users are able to view reports.


AG_SubjectEntry [Applies to Chattel]
Users can enter subjects.


AG_SystemAdmin [Applies to Chattel] 
Users can set up 3rd party integration and see mobile data statuses. 


--------

ChattelWebService [Applies to Chattel]
This role should not be assigned to end users. It should be used by the service account connecting to the database from the Web Application.