SQL Account Configuration - Privilege or Role Requirements for Patch for Windows

Version 4

    Purpose

     

    This document covers the minimum account privilege requirements for using the Patch for Windows SQL database.

     

    Description

     

    Below are the privileges (roles) required within SQL for a user in possible scenarios:

     

    Database Creation:
    New installations of the Patch for Windows database require an account that has at least the DB_Creator role.

     

    If the account has nothing else but DB_Creator it will give the account the proper rights when it creates the database.  So for situations where you have a DBA involved you can have them add a windows user to SQL with DB_Creator, Patch for Windows can create the database, then after completion the DBA can remove DB_Creator from that user.

     

    Console User:
    Any Patch for Windows user must have the following roles assigned for the Patch for Windows database to use the product:

    db_datareader

    db_datawriter

    STCatalogUpdate

    STExec

     

    This must be configured for each user who will authenticate with the Patch for Windows database. 

     

    Upgrade Rights:
    When we upgrade the product there are typically schema changes to the DB.  These changes require additional rights that are not required for day to day usage of the product.  Ensure that you are using an account with this level of rights, otherwise the DB upgrade will fail.

     

    To successfully perform an upgrade of the Patch for Windows database the following roles will be required:

    db_securityadmin

    db_ddladmin

     

    Example of how you would see this in SQL Server Management Studio. In this example, the console database is named Protect:

    CreatNewSQLUser_roles.gif

     

    Additional Information

     

    More information from the Patch for Windows product documentation:

    SQL Server Pre-Installation Notes

    SQL Server Post-Installation Notes

     

    The ability to check these privileges will require a DBA or the use of SQL Server Management Studio.

     

    Affected Product(s)

     

    Ivanti Patch for Windows