Environment

• App Control Server: All Supported Versions
• Microsoft SQL Server: All Supported Versions

Question

Answer

1. During the initial installation of the App Control Server, the service account will need SYSADMIN rights on the SQL instance that will host the DAS database
2. After install, you may remove the SYSADMIN role from the service account, but make sure that still has the DB_OWNER permissions on DAS at all times
3. The following permissions are needed by the App Control service account in SQL server for proper operation of Health Checks Indicators and Diagnostic tasks
   • VIEW SERVER STATE - Allows collection of Parity performance statistics
   • VIEW ANY DEFINITION - Allows collection of Parity performance statistics
   • ALTER TRACE - Allows collection of on-demand SQL trace for performance diagnostics
   • ALTER SERVER STATE - Allows server to reset performance counters on daily basis, and better performance diagnostics
   • Run the following scripts in SQL Mgmt Studio:

     GRANT ALTER TRACE TO "DOMAIN\service_account"
     GRANT VIEW ANY DEFINITION TO "DOMAIN\service_account"
     GRANT VIEW SERVER STATE TO "DOMAIN\service_account"
     GRANT ALTER SERVER STATE TO "DOMAIN\service_account"

Additional Notes

• The SYSADMIN role contains the CREATE ANY DATABASE right which is required for installation but not required after install
• DB_OWNER permissions on DAS is automatically assigned to the service account during database creation (should never be removed)
• There should be an active SA account in SQL or the install may fail with "a critical database script"

Related Content