Submit a ticketCall us

WebinarUpcoming Webinar: Know What’s Changed – with NEW Server Configuration Monitor

Change management in IT is critical. But, even with a good change management process, changes are too often not correctly tracked, if at all. The configuration of your servers and applications is a key factor in their performance, availability, and security. Many incidents can be tracked back to an authorized (and sometimes unauthorized) configuration change, whether to a system file, configuration file, or Windows® Registry entry. Join SolarWinds VP of product management Brandon Shopp to discover how the new SolarWinds® Server Configuration Monitor is designed to help you.

Register now.

Home > Success Center > Patch Manager > Patch Manager - Knowledgebase Articles > Patch Manager SQL account permissions

Patch Manager SQL account permissions

Overview

This article lists the requirements for the Microsoft® SQL Server® accounts and account permissions used in Patch Manager.

Environment

All Patch Manager versions

Details

When you install the Patch Manager, database you can install the database on a local server running SQL Server or a remote server. In both configurations, Patch Manager requires service and reporting accounts.

Service account

The Service account creates the Patch Manager database on the SQL database server and maintains communications between the Patch Manager server and the database. If you install the Patch Manager database on an SQL database server, you can select a specific service account or accept the default local service account. These accounts are created during the Patch Manager installation procedure.

Reporting account

The Reporting account is created when Patch Manager creates the database. During this process, Patch Manager also creates the ewreportuser account on the Patch Manager server. Patch Manager uses this account to run reports. You cannot change this account or define an alternative account. 

Service account requirements

If you decide to install the Patch Manager database on a remote SQL database server, the service account must be a domain account with access to a remote SQL database server.

Account membership

The service account must be a member of the SysAdmin group in SQL Server during the installation and upgrade procedures. This requirement allows the service account to create and modify the Patch Manager database. 

Permissions

The service account does not require ongoing SysAdmin permissions in SQL Server. After the service account creates the Patch Manager database, the account becomes the database owner (DBO), which waives any requirements for elevated SQL permissions. This allows the service account to maintain a connection to the remote SQL server.

The service account may require SysAdmin permissions for upgrade activities. For example, the service account requires SysAdmin permissions if the upgrade requires changes to the database instance that stores the Patch Manager database. These requirements are documented for each version in the Patch Manager release notes.

(Optional) Mixed-mode Authentication

Patch Manager does not require mixed mode authentication on the remote SQL database server. The reporting account is a least-privilege account that only requires permission to connect and execute SELECT statements. Since it does not require SysAdmin permissions, mixed mode authentication is not required. 

Last modified

Tags

Classifications

Public