Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: What SQL Permissions Are Required for the App Control Service Account?

App Control: What SQL Permissions Are Required for the App Control Service Account?

Environment

  • App Control Server: All Supported Versions
  • Microsoft SQL Server: All Supported Versions

Question

What permissions are required for the Carbon Black Service Account in SQL Server?

Answer

  1. The Service Account will require SYSADMIN  during Server installation or upgrade.
  2. The Service Account must be the DB_OWNER on the das database at all times.
  3. The Service Account will also need the following server-level permissions for Health Checks & Diagnostic tasks:
    PermissionRequiredReason
    VIEW SERVER STATEYesAllows collection of App Control performance statistics.
    VIEW ANY DEFINITIONYesAllows collection of App Control performance statistics.
    ALTER TRACEYesAllows collection of on-demand SQL trace for performance diagnostics
    ALTER SERVER STATENo (but Recommended)Allows Server to reset performance counters on daily basis, and provides better performance diagnostics

Additional Notes

  • DB_OWNER permissions on das is automatically assigned to the Service Account during database creation, and should never be removed.
  • There should be an active SA account in SQL or the install may fail with "a critical database script".
  • More details can be found in the SQL Server Configuration Guide on VMware Docs > Server Documentation > SQL Server Configuration Guide.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
50% helpful (1/2)
Article Information
Author:
Creation Date:
‎09-24-2018
Views:
3962
Contributors