This article describes the SQL permissions needed to install and use ePO.
For instructions on how to access the
Database Configuration page and obtain the following information, see
KB51465 - How to set SQL authentication account information:
- Database server
- Server instance
- Database name
- Authentication type
- Username
- User password
New installation or upgrade to ePO 5.10
The account you use for a new installation of ePO must have the following server roles:
- Public
- Dbcreator—After the database is installed, you can remove the dbcreator role from the ePO SQL user.
NOTE: The ePO SQL user is created with the
db_owner database role permission on the ePO database.
Upgrade or update installation
The account you use to apply an
upgrade or
update to ePO must have the following database roles:
NOTES:
- When you upgrade to ePO 5.9.0, there's a defect that makes it necessary to add sysadmin role to the account you used to make a new installation. This requirement results from a defect corrected in ePO 5.9.1. The Sysadmin permission requirement wasn't by design.
- The upgrade to ePO 5.10.x requires db_creator permissions because a new database (epo_Events) is created in the upgrade.
IMPORTANT: There are more requirements to use a Windows account instead of an SQL account for the database. For details, see
KB81146 - Failed to connect to the ePO database.
For instructions on how to download updates, see
KB56057 - How to download Enterprise product updates and documentation. Updates are cumulative; Technical Support recommends that you install the latest one.
General day-to-day operations
The account used for everyday operations must ideally have the following database roles:
If you do
not want to use the
db_owner role for the account that you use to access the ePO database, follow the steps below:
- Create a database role on the ePO database:
- Log on to SQL Management Studio with an account that has Administrator rights.
- Under the SQL Server that hosts the ePO database, expand Databases.
- Expand the ePO database, Security, Roles, Database Roles.
- Right-click Database Roles and click New Database Role.
- Type db_execute as the Role Name and click OK.
- Grant Execute permissions to the new role:
- Click New Query from the toolbar.
- Select the ePO database from the Available Databases drop-down list.
- In the query window, enter the following command:
GRANT EXECUTE TO db_execute
- Click Execute or press F5 to run the query.
NOTE: Make sure that the following message displays in the Messages box:
"Command(s) completed successfully".
- Map the account to the database roles:
- Expand Security, Logins under the SQL Server that hosts the ePO database.
- Right-click the account that you want ePO to use to access the database, and click Properties.
- Click User Mapping under Select A Page.
- Select the ePO database under the Map column.
- In the lower part of the window, select the following roles:
- db_datareader
- db_datawriter
- db_ddladmin
- db_execute
- Public
- Click OK.
