cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Requirement for SQL Server sysadmin privilege

Jump to solution

Hi,

From the RA Product Guide (v2.7.0), the database user configured in ePO must have sysadmin privileges.  As this is a very privileged role, could somebody confirm if this is only required for the install, or required all the time?  I am getting a few questions related to this, and am trying to understand (if it is required all the time) why this is the case.  Note that I am not a DBA, so I only have a basic working knowledge of SQL Server products.

cheers,

1 Solution

Accepted Solutions

Re: Requirement for SQL Server sysadmin privilege

Jump to solution

For Risk Advisor the sysadmin permissions are required even after install.  RA creates separate data files and for analysis uses sp_update stats which requires the db user to have sp_update stats.  RA also adds custom error messages to the list of database error messages using sp_addmessage. This procedure requires sysadmin and serveradmin server roles.

 

From Microsoft:

http://msdn.microsoft.com/en-us/library/ms173804.aspx

 

sp_updatestats permissions

Requires membership in the sysadmin fixed server role, or ownership of the database (dbo).

http://msdn.microsoft.com/en-us/library/bb669065.aspx  Explains the difference between DB_owner and DBO…specifically:

The dbo user account is frequently confused with the db_owner fixed database role. The scope of db_owner is a database; the scope of sysadmin is the whole server. Membership in the db_owner role does not confer dbo user privileges.

View solution in original post

3 Replies

Re: Requirement for SQL Server sysadmin privilege

Jump to solution

For Risk Advisor the sysadmin permissions are required even after install.  RA creates separate data files and for analysis uses sp_update stats which requires the db user to have sp_update stats.  RA also adds custom error messages to the list of database error messages using sp_addmessage. This procedure requires sysadmin and serveradmin server roles.

 

From Microsoft:

http://msdn.microsoft.com/en-us/library/ms173804.aspx

 

sp_updatestats permissions

Requires membership in the sysadmin fixed server role, or ownership of the database (dbo).

http://msdn.microsoft.com/en-us/library/bb669065.aspx  Explains the difference between DB_owner and DBO…specifically:

The dbo user account is frequently confused with the db_owner fixed database role. The scope of db_owner is a database; the scope of sysadmin is the whole server. Membership in the db_owner role does not confer dbo user privileges.

View solution in original post

Re: Requirement for SQL Server sysadmin privilege

Jump to solution

Hi,

Thanks for the fantastic answer - very detailed!  Still trying to get my head around it as strictly RA (or ePO) or the account used to access the relevant DB should be enough, so I still cant see why sysadmin is required.  However, I may not fully understand it yet, as per the second link provided!!!

cheers,

Re: Requirement for SQL Server sysadmin privilege

Jump to solution

Based on the answer provided above, how would you recommend we go about in a shared SQL environment, where Sysadmin will never be provided to the epo account. Move the database to another SQL server?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community