App Control: What SQL permissions are required for the App Control service account
App Control Server: All Supported Versions
Microsoft SQL Server: All Supported Versions
What permissions are required for the App Control server service account in SQL Server
During the initial installation of the App Control Server, the service account will need SYSADMIN rights on the SQL instance that will host the DAS database
After install, you may remove the SYSADMIN role from the service account, but make sure that still has the DB_OWNER permissions on DAS at all times
The following permissions are needed by the App Control service account in SQL server for proper operation of Health Checks Indicators and Diagnostic tasks
VIEW SERVER STATE - Allows collection of Parity performance statistics
VIEW ANY DEFINITION - Allows collection of Parity performance statistics
ALTER TRACE - Allows collection of on-demand SQL trace for performance diagnostics
ALTER SERVER STATE - Allows server to reset performance counters on daily basis, and better performance diagnostics
Run the following scripts in SQL Mgmt Studio:
GRANT ALTER TRACE TO "DOMAIN\service_account"
GRANT VIEW ANY DEFINITION TO "DOMAIN\service_account"
GRANT VIEW SERVER STATE TO "DOMAIN\service_account"
GRANT ALTER SERVER STATE TO "DOMAIN\service_account"
The SYSADMIN role contains the CREATE ANY DATABASE right which is required for installation but not required after install
DB_OWNER permissions on DAS is automatically assigned to the service account during database creation (should never be removed)
There should be an active SA account in SQL or the install may fail with "a critical database script"