MS SQL Server Authentication Types
IBM Automatic Data Lineage supports the following authentication types for MS SQL server. The authentication method is controlled by the properties set in the JDBC connection string. When configuring a connection via Admin UI, the additional properties mentioned below are automatically added to the JDBC connection string based on the authentication method selected when the connection is saved. When creating a connection via Orchestration API, the user needs to specify the relevant properties on their own as part of the JDBC string. If no additional properties are specified, the authentication type SQL Server will be used.
MS SQL Server is used as backend storage for several technologies that Automatic Data Lineage connects to (in particular, MS SQL Server and all its flavors, SSIS, SSRS), and as such, the authentication mechanism and principles apply to all of them.
In those cases, the physical property names in the description below use the placeholder <technology> that should be replaced with the actual technology being referenced.
SQL Server
The user credentials are configured in MS SQL Server. SQL Server stores both the username and a hash of the password in the master database by using internal authentication methods to verify login attempts.
To use this authentication type:
-
Via Admin UI, simply select the
SQL Serveroption for the Authentication Type and specify the Username and Password. -
Via Orchestration API, set the
<technology>.authenticationTypeproperty toSQL Serverand specify the<technology>.extractor.usernameand<technology>.extractor.passwordproperties.
Native (Windows Only)
The identity of the user running Automatic Data Lineage is used to authorize access to MS SQL Server. MS SQL delegates the authentication to the Windows client where the user logged in.
To use this authentication type:
-
Via Admin UI, simply select the
Nativeoption for the Authentication Type. -
Via Orchestration API, set the
<technology>.authenticationTypeproperty toNativeand add the propertyintegratedSecurity=trueas part of the JDBC connection string.
NTLM
NTLM authentication allows you to authenticate a user against an active directory.
To use NTLM authentication:
-
Via Admin UI, simply select the
NTLMoption for the Authentication Type and specify the Domain (optional), Username, and Password. -
Via Orchestration API, set the
<technology>.authenticationTypeproperty toNTLMand add the propertyauthenticationScheme=NTLM;integratedSecurity=trueas part of the JDBC connection string. To specify the domain, add the propertydomain=<YOUR DOMAIN NAME>;— this property is optional.
JavaKerberos
Only the MS SQL Server scanner supports JavaKerberos authentication, which allows user authentication against a Kerberos Distribution Center. To use this authentication type:
-
Via Admin UI, simply select the
JavaKerberosoption for the Authentication Type and specify the propertiesmssql.username,mssql.password,mssql.extractor.authentication.krb5Conf, andmssql.extractor.authentication.jaasConf -
Via Orchestration API, set the
<technology>.authenticationTypeproperty toJavaKerberos, add the propertyintegratedSecurity=true;authenticationScheme=JavaKerberosas part of the JDBC connection string, and specify the propertiesmssql.username,mssql.password,mssql.extractor.authentication.krb5Conf, andmssql.extractor.authentication.jaasConf