4 Replies Latest reply on Mar 7, 2011 9:40 AM by darkvicoamao

    Help with ePO admin user

      Hi, I want to create a domain user for the connection between ePO and the SQL database. Right now the user I use for the database connection is a member of the Domain Users group, and I want to create a new user with only the permissions ePO needs to run. What I have read so far makes me think the only thing I need to do is grant the user the sysadmin permission in the ePO database.

      Please correct me if I'm wrong; I don't want to make a mess in the ePO setup.

       

      Thanks for all.

       

      Cheers,

       

      Amaury

        • 1. Re: Help with ePO admin user

          You can create a domain user as an ePO user. There is an option under Configuration -> User tab -> New User.

          If you want to know more about how to create a user and manage permission sets, see the McAfee articles below.

           

          https://kc.mcafee.com/corporate/index?page=content&id=KB51463

           

          https://kc.mcafee.com/corporate/index?page=content&id=KB51461

           

           

           

          ...Sundar....

           

          Message was edited by: sundar.8212 on 3/4/11 12:50:18 AM CST
          • 2. Help with ePO admin user

            Thanks for the response. I'm not looking to create ePO users; I'm looking to change the user that ePO uses to connect to the SQL database.

            Right now I'm using a user in the Domain Admins group, and I want to change this to another user with fewer privileges in my domain.

            I want to know what privileges this new domain user needs to have in order to work without problems.

            I have found that I only need the sysadmin privileges in the SQL database for this domain user, but I want to confirm this before moving forward.

             

            Thanks

             

            Amaury

            • 3. Help with ePO admin user
              Sailendra Pamidi

              The minimum permissions needed for the SQL / Windows account used to access the SQL database are documented in KB59903.

               

               

              After installation has completed, the account no longer needs the sysadmin role and it can be revoked. The account will, however, need at least the db_datareader, db_datawriter and db_ddladmin roles.

               

              Continue granting the account the db_owner database role for the ePO database.

               

              For ePO to function properly, the account should also have db_datareader and db_datawriter on the tempdb database, since ePO uses temporary tables and views as part of its operation.

               

              So in summary:

               

              db_owner role on the ePO database

              db_datareader and db_datawriter on the tempdb

               

              Sysadmin rights are not required at the server level.
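
The permission set summarized in the reply above, written out as T-SQL. This is an added example, not part of the original post or of McAfee's documentation; the account name `EXAMPLE\svc_epo` and the database name `ePO_Database` are placeholders to replace with your own values.

```sql
-- Added example. Placeholders (assumptions, not values from the thread):
--   EXAMPLE\svc_epo = the new low-privilege domain account
--   ePO_Database    = the name of the ePO database on this SQL Server

USE [master];
-- Create the Windows login on the server if it does not exist yet.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'EXAMPLE\svc_epo')
    CREATE LOGIN [EXAMPLE\svc_epo] FROM WINDOWS;
GO

USE [ePO_Database];
-- Map the login into the ePO database and grant db_owner there.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'EXAMPLE\svc_epo')
    CREATE USER [EXAMPLE\svc_epo] FOR LOGIN [EXAMPLE\svc_epo];
EXEC sp_addrolemember N'db_owner', N'EXAMPLE\svc_epo';
GO

USE [tempdb];
-- ePO uses temporary tables and views: reader and writer roles on tempdb.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'EXAMPLE\svc_epo')
    CREATE USER [EXAMPLE\svc_epo] FOR LOGIN [EXAMPLE\svc_epo];
EXEC sp_addrolemember N'db_datareader', N'EXAMPLE\svc_epo';
EXEC sp_addrolemember N'db_datawriter', N'EXAMPLE\svc_epo';
GO

USE [master];
-- Sysadmin is not required at the server level: drop it if it was granted.
IF IS_SRVROLEMEMBER(N'sysadmin', N'EXAMPLE\svc_epo') = 1
    EXEC sp_dropsrvrolemember N'EXAMPLE\svc_epo', N'sysadmin';
GO

-- Verification: expect 0 here ...
SELECT IS_SRVROLEMEMBER(N'sysadmin', N'EXAMPLE\svc_epo') AS is_sysadmin;
GO

-- ... and db_owner listed here (run the same query in tempdb for the
-- db_datareader / db_datawriter memberships).
USE [ePO_Database];
SELECT DB_NAME() AS database_name, r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'EXAMPLE\svc_epo';
GO
```

SQL Server rebuilds tempdb every time the service starts, so the tempdb user and role memberships created here do not survive a restart and have to be reapplied afterwards.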

              • 4. Help with ePO admin user


                I have done the changes you suggested; I'm going to monitor the server for now.

                 

                Thanks.

                 

                Amaury