cancel
Showing results for 
Search instead for 
Did you mean: 

Help with ePO admin user

Jump to solution

Hi, i want to create a domain user for the connection for the ePO and SQL Database . Right now the user i use for the database connection is a Member of Domain Users group and i want to create a new user with only the permissions need for the ePO for run. what i have read until now, make me think the only thing i need to grant access for the user, is in the ePO Database, i need to grant sysadmin permission for the user.

Please correct my if i'm wrong, i don't wan't to make a mess in the ePO setup.

Thanks for all.

Cheers,

Amaury

1 Solution

Accepted Solutions
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Help with ePO admin user

Jump to solution

The minimum permissions needed for the SQL / Windows account used to access the SQL database is documented in KB59903

After installation has completed, the account no longer needs the sysadmin role and it can be revoked. The account will, however, need at least the db_datareader, db_datawriter and db_ddladmin roles.

Continue granting the account the db_owner database role for the ePO database.

For ePO to function properly, the account should also have db_datareader and db_datawriter on the tempdb database, since ePO uses temporary tables and views as part of its operation.

So in summary:

db_owner role on the ePO database

db_datareader and db_datawriter on the tempdb

Sysadmin rights are not required at the server level.

4 Replies

Re: Help with ePO admin user

Jump to solution

You can create a domain user as a ePO user.......there is a option under configuration ---> user tab ----> new user..

If you want to know more about how to create a user and manage permission set...find the below McAfee articles....

https://kc.mcafee.com/corporate/index?page=content&id=KB51463

https://kc.mcafee.com/corporate/index?page=content&id=KB51461

...Sundar....

Message was edited by: sundar.8212 on 3/4/11 12:50:18 AM CST

Help with ePO admin user

Jump to solution

Thanks for the response, i'm not looking for create ePO user's, i'm looking to change the user the ePO use to connect to the SQL Database.

Right now i'm using a user in the Domain Admins Group, i wan't to change this for another user with less privileges in my Domain.

I wan't to know what privileges this New Domain User need to have in order to work without problems.

I have found that i only need the sysadmin privileges in SQL Database for this Domain User, but i want to confirm this before movin forward.

Thanks

Amaury

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Help with ePO admin user

Jump to solution

The minimum permissions needed for the SQL / Windows account used to access the SQL database is documented in KB59903

After installation has completed, the account no longer needs the sysadmin role and it can be revoked. The account will, however, need at least the db_datareader, db_datawriter and db_ddladmin roles.

Continue granting the account the db_owner database role for the ePO database.

For ePO to function properly, the account should also have db_datareader and db_datawriter on the tempdb database, since ePO uses temporary tables and views as part of its operation.

So in summary:

db_owner role on the ePO database

db_datareader and db_datawriter on the tempdb

Sysadmin rights are not required at the server level.

Help with ePO admin user

Jump to solution

The minimum permissions needed for the SQL / Windows account used to access the SQL database is documented in KB59903

After installation has completed, the account no longer needs the sysadmin role and it can be revoked. The account will, however, need at least the db_datareader, db_datawriter and db_ddladmin roles.

Continue granting the account the db_owner database role for the ePO database.

For ePO to function properly, the account should also have db_datareader and db_datawriter on the tempdb database, since ePO uses temporary tables and views as part of its operation.

So in summary:

db_owner role on the ePO database

db_datareader and db_datawriter on the tempdb

Sysadmin rights are not required at the server level.

I have done the changes you sugested; i go to monitor the server for now.

Thanks.

Amaury