Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Patch Manager > SQL account permissions for Patch Manager

SQL account permissions for Patch Manager

Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

Views: 188 Votes: 2 Revisions: 8

When you install Patch Manager, you have the option of using a local SQL server or a remote server for the Patch Manager database. In either case, Patch Manager requires two accounts to interface with the SQL server:

  • Service account: The Patch Manager service account creates the Patch Manager database on the SQL server, and then maintains communication between the Patch Manager server and the database. If you choose to use a local SQL server, you have the option to specify a particular service account, or accept the default local service account, which Patch Manager creates during the installation.
  • Reporting account: When Patch Manager creates the database, it also creates the ewreportuser account in SQL Server. Patch Manager uses this account to run reports, and you cannot change the account or define an alternative one.

Requirements for the Service Account

Patch Manager requires the following of the service account, depending on the deployment option you choose.

  • If you choose to use a remote SQL server, the service account must be a domain account with access to a remote SQL server.
  • The service account must be a member of the SysAdmin group in SQL Server during installation and upgrades. This requirement allows the service account to create and modify the Patch Manager database.
  • The service account does not require ongoing SysAdmin permissions in SQL Server. After it creates the Patch Manager database, it becomes the database owner (DBO), which waives any requirement for elevated SQL permissions.

Note: If you choose to run Patch Manager with a remote SQL server, Patch Manager has the additional requirement noted in this list. This allows the service account to maintain a connection to the remote SQL server.

Mixed-mode Authentication (not required)

Some users have questioned whether Patch Manager requires the remote SQL server to have mixed-mode authentication enabled. Patch Manager does not have this additional requirement, despite the fact it utilizes both a Windows account and a SQL account. The reporting account is a least-privilege account that only requires permission to connect and execute SELECT statements. Since it does not require SysAdmin permissions, mixed-mode authentication is not necessary.

Last modified

Tags

Classifications

Public