Submit a ticketCall us

Putting Your Logs Where They Belong with the New SolarWinds Log Manager for Orion

The new SolarWinds® Log Manager for Orion® finally puts your log data right where it belongs, in the heart of your Orion console. Gain insight into the performance of your infrastructure by monitoring your logs in a unified console allowing you to see a wealth of information about the health and performance of your network and servers.

Reserve a Seat for Wednesday May 23rd 11am CDT | Reserve a Seat for Tuesday May 22nd 10:30am GMT | Reserve a Seat for Tuesday May 22nd 1pm SGT / 3pm AEST

Home > Success Center > Patch Manager > Patch Manager SQL account permissions

Patch Manager SQL account permissions


This article lists the requirements for the Microsoft® SQL Server® accounts and account permissions used in Patch Manager.


All Patch Manager versions


When you install the Patch Manager, database you can install the database on a local server running SQL Server or a remote server. In both configurations, Patch Manager requires service and reporting accounts.

Service account

The Service account creates the Patch Manager database on the SQL database server and maintains communications between the Patch Manager server and the database. If you install the Patch Manager database on an SQL database server, you can select a specific service account or accept the default local service account. These accounts are created during the Patch Manager installation procedure.

Reporting account

The Reporting account is created when Patch Manager creates the database. During this process, Patch Manager also creates the ewreportuser account on the Patch Manager server. Patch Manager uses this account to run reports. You cannot change this account or define an alternative account. 

Service account requirements

If you decide to install the Patch Manager database on a remote SQL database server, the service account must be a domain account with access to a remote SQL database server.

Account membership

The service account must be a member of the SysAdmin group in SQL Server during the installation and upgrade procedures. This requirement allows the service account to create and modify the Patch Manager database. 


The service account does not require ongoing SysAdmin permissions in SQL Server. After the service account creates the Patch Manager database, the account becomes the database owner (DBO), which waives any requirements for elevated SQL permissions. This allows the service account to maintain a connection to the remote SQL server.

The service account may require SysAdmin permissions for upgrade activities. For example, the service account requires SysAdmin permissions if the upgrade requires changes to the database instance that stores the Patch Manager database. These requirements are documented for each version in the Patch Manager release notes.

(Optional) Mixed-mode Authentication

Patch Manager does not require mixed mode authentication on the remote SQL database server. The reporting account is a least-privilege account that only requires permission to connect and execute SELECT statements. Since it does not require SysAdmin permissions, mixed mode authentication is not required. 

Last modified