Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Patch Manager > Patch Manager - Knowledgebase Articles > Patch Manager SQL account permissions

Patch Manager SQL account permissions


This article lists the requirements for the Microsoft® SQL Server® accounts and account permissions used in Patch Manager.


All Patch Manager versions


When you install the Patch Manager, database you can install the database on a local server running SQL Server or a remote server. In both configurations, Patch Manager requires service and reporting accounts.

Service account

The Service account creates the Patch Manager database on the SQL database server and maintains communications between the Patch Manager server and the database. If you install the Patch Manager database on an SQL database server, you can select a specific service account or accept the default local service account. These accounts are created during the Patch Manager installation procedure.

Reporting account

The Reporting account is created when Patch Manager creates the database. During this process, Patch Manager also creates the ewreportuser account on the Patch Manager server. Patch Manager uses this account to run reports. You cannot change this account or define an alternative account. 

Service account requirements

If you decide to install the Patch Manager database on a remote SQL database server, the service account must be a domain account with access to a remote SQL database server.

Account membership

The service account must be a member of the SysAdmin group in SQL Server during the installation and upgrade procedures. This requirement allows the service account to create and modify the Patch Manager database. 


The service account does not require ongoing SysAdmin permissions in SQL Server. After the service account creates the Patch Manager database, the account becomes the database owner (DBO), which waives any requirements for elevated SQL permissions. This allows the service account to maintain a connection to the remote SQL server.

The service account may require SysAdmin permissions for upgrade activities. For example, the service account requires SysAdmin permissions if the upgrade requires changes to the database instance that stores the Patch Manager database. These requirements are documented for each version in the Patch Manager release notes.

(Optional) Mixed-mode Authentication

Patch Manager does not require mixed mode authentication on the remote SQL database server. The reporting account is a least-privilege account that only requires permission to connect and execute SELECT statements. Since it does not require SysAdmin permissions, mixed mode authentication is not required. 

Last modified