Environment
- App Control Server: All Supported Versions
- Microsoft SQL Server: All Supported Versions
Question
What permissions are required for the Carbon Black Service Account in SQL Server?
Answer
- The Service Account will require SYSADMIN during Server installation or upgrade.
- The Service Account must be the DB_OWNER on the das database at all times.
- The Service Account will also need the following server-level permissions for Health Checks & Diagnostic tasks:
Permission | Required | Reason |
---|
VIEW SERVER STATE | Yes | Allows collection of App Control performance statistics. |
VIEW ANY DEFINITION | Yes | Allows collection of App Control performance statistics. |
ALTER TRACE | Yes | Allows collection of on-demand SQL trace for performance diagnostics |
ALTER SERVER STATE | No (but Recommended) | Allows Server to reset performance counters on daily basis, and provides better performance diagnostics |
Additional Notes
- DB_OWNER permissions on das is automatically assigned to the Service Account during database creation, and should never be removed.
- There should be an active SA account in SQL or the install may fail with "a critical database script".
- More details can be found in the SQL Server Configuration Guide on VMware Docs > Server Documentation > SQL Server Configuration Guide.
Related Content