Group login
Multiuser installations using NT Security (Integrated security) should always use a group login to the database. This group login is mapped to the same AD group used to give access to the file share. The login should have the FastTrak database as it's default database, and should only be given the public role in this database. This can be done from MS SQL Server Management Studio like this:
USE master;
CREATE LOGIN [YOUR_DOMAIN\GROUP_OF_FASTTRAKUSERS] FROM WINDOWS WITH DEFAULT_DATABASE = [EFT00099];
Replace the green tokens with relevant identifiers for your local installation.
General
All individual users are added to the database with the FastTrak role as a minimum. This happens automatically if FastTrak or AdminTool is used to add them. Specifically, nobody should be given the roles db_datareader and db_datawriter. The DbGrants.exe tool will remove users from these groups when it is run. Running this tool is part of the standard database update process.
Adding users
Users can be added in the application, via the Superuser menu, or via AdminTool (available on the same menu). If users are added with database tools, e.g. if there is a need to add users in bulk, there is a stored procedure in the FastTrak database that should be used:
EXEC dbo.AddUser'YOUR_DOMAIN\USER_NAME_TO_ADD';
GO
Replace the red string with the relevant identifiers.
Role memberships
Role membership should be managed exclusively through the FastTrak application, via the Superuser menu, except for the db_owner role which can be given with database tools.