Several permissions in the Microsoft SQL Server database are required by Kofax Search and Matching Server in order to use it for the fuzzy database source. These permissions are necessary in order to access tables, views, synonyms, and stored procedures.

• Server-level permissions:

  • The logon object must have the following permissions:

    • CONNECT SQL

    • VIEW ANY DATABASE

  • The logon object must not have the following permission denied:

    • VIEW ANY DEFINITION

• Database-level permissions:

  • The database user must be a member of the public role. This happens by default when the user is created, but can be removed.

  • The database role or the database user if you are not using roles, must have the following permissions:

    • CONNECT must be granted to the database user so that the mapped logon is able to access the database.

    • VIEW DEFINITION must be granted or not denied in order to access the available tables, views, synonyms, and stored procedures.

    • SELECT must be granted either on the database level or for each of the table, views, or synonym objects.

    • EXECUTE must be granted for the stored procedure and synonym that references a stored procedure.

    • In the case of a synonym, the user or database role also requires the corresponding SELECT/EXECUTE permissions for the underlying object referenced by the synonym.

• Database-level system metadata permissions:

  • In order to list the databases available on the server as well as alist of tables, views, synonyms, or stored procedures that are available on the databases, you must grant some system metadata:

    • SELECT the following syntax views:

      sys.databases, sys.schemas, sys.objects, and sys.synonyms

  • In order to check if a table was modified since the last fuzzy database import some system metadata must be set.

    • SELECT the following syntax view:

      sys.dm_db_index_usage_stats

  By default, these system metadata permissions are granted to the public role.