1 Reply Latest reply on Feb 25, 2014 1:19 PM by dmease729

    Minimum integration requirements for ePO




      Currently working on a new implementation within an enterprise environment, and all accounts used anywhere need to be documented, and have specific uses, along with the minimum required permissions.  To configure integration with an ePO server as a device in ESM 9.3.0, you need an ePO application user (e.g. name ESMuser_app) and an ePO DB user (e.g. name ESMuser_db).  My question is: what are the minimum requirements for each?


      ESMuser_db - Page 126 in the Product Guide (9.3.0) advises "You must have read privileges on the master database and ePolicy Orchestrator database to use ePolicy Orchestrator".  Would I be correct in saying that the only specific permissions required for this user would be db_reader for the Master and ePO databases?

      ESMuser_app - Page 126 in the Product Guide (9.3.0) advises "To access the tagging functionality, you must have the Apply, exclude, and clear tags and Wake up agents; view Agent Activity Log permissions." - now the default ePO permission set "Group Admin" covers these, but also includes a lot more.  To ensure that only the minimum required permissions are configured, would it be suitable to configure a specific ePO permission set with only the specific rights detailed in the ESM Product Guide?  Is there anything else that may be lost (as far as I am aware, everything is controlled via tags when referring to actions carried out on ePO by ESM)?


      Any confirmation or expansion on the above would be greatly appreciated!



        • 1. Re: Minimum integration requirements for ePO

          Initial application connectivity check with minimum permissions (as described above) works fine.  Not sure if there will be any impact later but seems to be working for initial integration step.

          Initial DB connectivity check with minimum permissions (assigned both 'public' and 'db_datareader' to both the master and ePO databases) failed, with 'Test connection unsuccessful. (2) Unable to connect to mssql server (check credentials)'.  Now this latter failure could be down to me as I am not an expert with SQL Server, and have previously been testing with the DB credentials used by ePO itself (/core/config) which work fine!