How to Add New Antero Users

This article will serve as a guide for Antero administrators needing to add new users to the Antero application

A note regarding Active Directory: we recommend that an Active Directory user group be created for each of the AllMax applications you have purchased.

Once each user group has been created, the users of each application should be added to their respective group via Active Directory, and then the entire group should be mapped with at least db_datawriter, db_datareader, and public roles to the AllMax license database for the application they will use, and each user database they will need access to from the Microsoft SQL Server Management Studio application.

Once the user group has been created and added to SQL, and the roles above applied to it, anytime a new user needs to be added to Antero, the user will simply need to be added to the Active Directory user group, and then added to the User Security section of the Antero application, and granted a role in Antero User Security.

If Active Directory is not available, and the client PCs and the serving computer are not attached to a domain, each user that accesses Antero from their own Windows login on their device will need added to the serving computer as a local computer user, and then granted a login to the SQL instance. Next, the login for each user needs at least db_datawriter, db_datareader, and public permissions mapped to it. Authenticating the users against the SQL instance requires that the local account created on the serving computer matches EXACTLY the Windows username of their login on their client PC, and the password on their client PC. For adding users in a Workgroup Environment, please see the section of this document labeled Adding Antero Users in a Workgroup Environment

If the users will share a Windows login to access Antero, only that shared login will need to be added as a local account on the serving computer.

This article will describe adding users in the presence and absence of Active Directory.

Adding Antero Users in a Domain Environment via Active Directory User Group

1. Create the Antero user group, and add each future user of Antero to it.

2. Open Microsoft SQL Server Management Studio, and connect to the SQL instance storing the AllMaxAntero license database, and the Antero user databases.

3. SSMS will connect to the SQL instance. From the Object Explorer pane on the left, expand the Security folder, then expand the Logins folder as in the image below.

4. Click the Search… button on the right-hand side of the Login-New window. The Select Users or Group window will open.

5. Select the Object Types… button, and ensure that the Groups checkbox is checked, then select OK to close the Object Types window. Click the Locations… button, then select Entire Directory, and press OK to close the Locations window. 

6. In the field labeled “Enter the object name to select”, enter the name of your User Group. 

7.  Click the Check Names button, and if the item was found, click the OK button. If it was not found, you will be presented with a window informing you that the item was not found. In the case it was not found, ensure that the correct Location and Object Types are selected, and that the username/user group was spelled correctly. 

8.  Once the OK button is clicked in step 7, the login name will be displayed in the Login – New window from step 3. 

 The next steps involve “mapping” the logins we created to the databases they’ll need access to. Mapping simply means setting the level of permissions or role each group requires to each database. Adding the user group has already given them access to the SQL instance so that they can connect to it via their AllMax application, mapping gives them roles/permissions to the actual databases on a per-database level.

AllMax Software creates one license database, and the actual “production”, or user database, and each group needs to be mapped to each one they need access to. For example: a client purchases Antero, configures SQL for use with AllMax Software products, then installs Antero, and creates a new license (license database), and a new Antero (production/user) database.

For users to open and use Antero, their SQL login will need mapped to the license database, and each user database they will work in, since we can add many user databases, but there will only ever be one license database per purchased product. 

9. At this stage, you should have a license database, and at least one user database. Antero license databases are always named AllMaxAntero.

If you have not created the license database or a user database, please do so before continuing.

10. User databases can have any name acceptable by SQL. Make a note of the name of the user database.

11. In the Login – New window, select User Mapping from the top-left pane. 

12. In the mapping page, you will see two panes. The top pane is a list of all databases in the SQL instance, including the AllMax user databases, AllMax license databases, some databases related to the functioning of SQL, and any other databases. The bottom pane has a list of checkboxes with each relating to a ‘role’ in the database selected in the top pane. 

13. Select the license database from the top pane by checking the checkbox next to it.

14. In the bottom pane, ensure that the following checkboxes are checked: db_datareader, db_datawriter, and public as in the image below:

15. Next, select the user database you have created from the list in the top pane of the User Mapping window. 

16. In the bottom pane, ensure that the following checkboxes are checked: db_datareader, db_datawriter, and public as in the image below. 

17. Now that the database roles for the user group have been mapped to the license database, and to each of the user databases to which the group needs access, you may press the OK button to apply the mappings. 

The user group now has access to SQL, and to the Antero license database, and each user database. Next up will be adding the users in the group to the Antero User Security section in Antero and then setting their respective role, which will require being logged in to Windows as a user that has the DB Admin role in Antero.

18. Open Antero, and click the File tab at the top of the main application window. The Application Information section will be displayed.

19. Select Database Admin from the left-hand side of the application window. The Database Administration section will be displayed.

20. Select User Security. The Security window will be displayed.

21. In the Security window, click the blue add symbol/Add User button as in the image below:

22. You will now see the Add User Security window. On the left-hand side of the Add User Security window, you will find a list of users pulled from Active Directory. Search for each user that was previously added to the User Group, and check the checkbox to the left of their username. If you cannot see the checkbox to the left of their username, you may need to drag the column headers around a bit to expose it.

23. Once you have all of the users selected, select a Role for them from the right-hand side of the Add User Security window, labeled Role Assignment.

24. Once a role is selected for the selected users, click the Add button in the top right area of the Add User Security window.

25. The Antero application can now be installed on the client PC, and connected to the SQL instance hosting the Antero license database.

If your users each require a different role in Antero, simply select each user requiring a specific role as in step 24 above, then select the role they require as in step 25, and then add the role as in step 26. Repeat these steps for each user requiring a unique role.

 

Adding Antero Users in a Workgroup Environment

Antero is primarily designed to run in a Domain environment, and authenticates users against SQL Server using their Domain username and password. In the absence of a Domain, a workaround needs to be implemented so that users can still be authenticated against SQL Server. In summary, each user will need to have a local account created on the server, and then that local account will be granted a login in the SQL instance. The local account created on the server must have the EXACT same username and password as the user's username and password that they use to login to Windows on their client PC and access Antero. If the user is currently using a PIN, or bio-metrics to login to Windows, they will need to switch to an account type that uses a username and password in order to run Antero and authenticate against the SQL Server instance.

1. From the user's PC that they will use to run Antero, collect the exact username and password used by the user to login to Windows. If they use a PIN, or bio-metrics to login to Windows, see the above note.

2. On the server, run the lusrmgr application by pressing windows key + R, and entering 'lusrmgr.msc' without the quotes, and then pressing the OK button from the Run dialog. See the screenshot below:

3. Once the lusrmgr application has started, you will see a folder in the farthest-left pane labeled Users. Right-click the Users folder, and select New User. The New User window will open. 

4. In the User name field, enter the username collected in step 1 of this section. Ensure that it is exactly the same as the username used by the user to login to their PC.

5. In the Password and Confirm Password fields, enter the password collected in step 1 of this section. Ensure that it is exactly the same as the password used by the user to login to their PC.

6. Configure the check boxes as in this screenshot, and press the Create button:

7. Repeat steps 1 - 6 for each user.

In the Workgroup scenario, any time the user's password changes on the PC they use to login to Windows and run Antero, the password for the local account created for that user on the server must have the password changed to match it exactly.

At this stage, the local accounts on the server have been created.

Next up, we will grant those local accounts a login to the SQL instance, and then map roles for each SQL login to the necessary databases so that the Antero application can connect to the SQL instance, and will have the correct roles for each database the user must access.

8. Open Microsoft SQL Server Management Studio, and connect to the SQL instance storing the AllMaxAntero license database, and the Antero user databases.

9. From the Object Explorer pane on the left, expand the Security folder, then expand the Logins folder as in the image below.

10. Click the Search… button on the right-hand side of the Login-New window. The Select Users or Group window will open.

11. Select the Object Types… button, and ensure that the Users checkbox is checked, then select OK to close the Object Types window. Click the Locations… button, and ensure that the local computer is displayed.

12. In the field labeled “Enter the object name to select”, enter the name of the User. 

13.  Click the Check Names button, and if the item was found, click the OK button. If it was not found, you will be presented with a window informing you that the item was not found. In the case it was not found, ensure that the correct Location and Object Types are selected, and that the user name was spelled correctly. 

14.  Once the OK button is clicked in step 7, the login name will be displayed in the Login – New window from step 3. 

 The next steps involve “mapping” the logins we created to the databases they’ll need access to. Mapping simply means setting the level of permissions or role each group requires to each database. Adding the user group has already given them access to the SQL instance so that they can connect to it via their AllMax application, mapping gives them roles/permissions to the actual databases on a per-database level.

AllMax Software creates a license database, and the actual “production”, or user database, and each group needs to be mapped to each one they need access to. For example: a client purchases Antero, configures SQL as in this guide, then installs Antero, and creates a new license (license database), and a new Antero (production/user) database.

For users to open and use Antero, they will need mapped to the license database, and each user database they will work in, since we can add many user databases, but there will only ever be one license database per product. 

15. At this stage, you should have a license database, and at least one user database. Antero license databases are always named AllMaxAntero.

16. User databases can have any name acceptable by SQL. Make a note of the name of the user database.

17. In the Login – New window, select User Mapping from the top-left pane. 

18. In the mapping page, you will see two panes. The top pane is a list of all databases in the SQL instance, including the AllMax user databases, AllMax license databases, some databases related to the functioning of SQL, and any other databases. The bottom pane has a list of checkboxes with each relating to a ‘role’ in the database selected in the top pane. 

19. Select the license database from the top pane by checking the checkbox next to it.

20. In the bottom pane, ensure that the following checkboxes are checked: db_datareader, db_datawriter, and public as in the image below:

21.  Next, select the user database you have created/restored from the list in the top pane of the User Mapping window. 

22. Next, select the user database you have created from the list in the top pane of the User Mapping window. 

23.  In the bottom pane, ensure that the following checkboxes are checked: db_datareader, db_datawriter, and public as in the image below. 

24. Now that the database roles for the user group have been mapped to the license database, and to each of the user databases to which the group needs access, you may press the OK button to apply the mappings. Repeat steps 12 - 24 of this section for each user.

The user now has access to SQL, and to the Antero license database, and each user database. Next up will be adding the users to the Antero User Security section in Antero and then setting their respective role, which will require being logged in to Windows as a user that has the DB Admin role in Antero.

25. Open Antero, and click the File tab at the top of the main application window. The Application Information section will be displayed.

26. Select Database Admin from the left-hand side of the application window. The Database Administration section will be displayed.

27. Select User Security. The Security window will be displayed.

28. In the Security window, click the black down facing arrow to the right of the blue plus sign, as in the image below, and select Add User from the menu that is shown.

29. You will now see the Add User window. In the Name field, enter the name of the user - this must match the username of the local account that was just created on the server, and it must match the username entered by the user to login to Windows on their PC. In the Full Name field, optionally enter the user's full name if desired, and then click the Save button in the top-right area of the Add User window. 

30. Now that the user has been added to Antero User Security, a role must be applied to their Antero username.

31. Select the user from the User List on the left side of the Security window, and choose a role for the user by checking one of the options in the Role Assignment section, shown in the image below:

32. If the user will need to access the Database Admin section of the application to create new users, or perform other administrative actions, check the box labeled DB Admin from the Privileges section shown above.

33. If the user will need access to the Setup Tools section of the application, check the box labeled Setup Tools from the Privileges section shown above.

34. The Antero application can now be installed on the client PC, and connected to the SQL server instance hosting the Antero license database.