SQL account permissions required by Patch Manager

Created by Seamus.Enright, last modified by MindTouch on Jun 23, 2016

Overview

When you install Patch Manager, you have the option of using a local SQL server or a remote server for the Patch Manager database. In either case, Patch Manager requires two accounts to interface with the SQL server:

  • Service account: The Patch Manager service account creates the Patch Manager database on the SQL server, and then maintains communication between the Patch Manager server and the database. If you choose to use a local SQL server, you have the option to specify a particular service account, or accept the default local service account, which Patch Manager creates during the installation.
  • Reporting account: When Patch Manager creates the database, it also creates the ewreportuser account in SQL Server. Patch Manager uses this account to run reports, and you cannot change the account or define an alternative one.

Environment

Patch Manager requires the following of the service account, depending on the deployment option you choose.

  • If you choose to use a remote SQL server, the service account must be a domain account with access to a remote SQL server.
  • The service account must initially be a member of the SysAdmin group in SQL Server. This requirement allows the service account to create the Patch Manager database.
  • The service account does not require ongoing SysAdmin permissions in SQL Server. After it creates the Patch Manager database, it becomes the database owner (DBO), which waives any requirement for elevated SQL permissions.
  • The service account may require SysAdmin permissions for upgrade activities. For example, the service account requires SysAdmin permissions if the upgrade requires changes to the database instance that stores the Patch Manager database. Such requirements are documented on a per-version basis in the Patch Manager release notes.

Note: If you run Patch Manager with a remote SQL server, the first requirement in this list (a domain account with access to the remote SQL server) applies in addition to the others. It allows the service account to maintain a connection to the remote SQL server.

Detail

Mixed-mode Authentication (not required)

Some users have asked whether Patch Manager requires mixed-mode authentication to be enabled on the remote SQL server. It does not, despite the fact that it uses both a Windows account and a SQL account. The reporting account is a least-privilege account that only requires permission to connect and execute SELECT statements. Since it does not require SysAdmin permissions, mixed-mode authentication is not necessary.
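The following T-SQL audit is an added example, not SolarWinds code. Run it after installation or an upgrade to check that the service account no longer holds SysAdmin, that it owns the database, and that ewreportuser has nothing beyond connect and SELECT. The service account name and the database name PatchManagerDb are constructed placeholders; the match on the database user name is an assumption.

```sql
-- Added example (not SolarWinds code). Placeholders to replace:
--   CONTOSO\svc-patchmgr : your Patch Manager service account (constructed name)
--   PatchManagerDb       : your Patch Manager database (constructed name)
DECLARE @svc sysname = N'CONTOSO\svc-patchmgr';

-- 1. Server level: sysadmin is not required outside installation and upgrades.
--    1 = member, 0 = not a member, NULL = login not found or not visible to you.
SELECT IS_SRVROLEMEMBER(N'sysadmin', @svc)            AS service_is_sysadmin,
       IS_SRVROLEMEMBER(N'sysadmin', N'ewreportuser') AS report_is_sysadmin;

-- 2. The service account should own the database it created (DBO).
SELECT d.name AS database_name, SUSER_SNAME(d.owner_sid) AS owner_login
FROM sys.databases AS d
WHERE d.name = N'PatchManagerDb';

USE PatchManagerDb;

-- 3. Explicit permissions of the reporting user beyond CONNECT and SELECT.
--    No rows means the account matches the least-privilege description.
--    Assumption: the database user is named after, or mapped to, ewreportuser.
SELECT pr.name AS db_user, pe.state_desc, pe.permission_name, pe.class_desc,
       CASE WHEN pe.class = 1 THEN OBJECT_NAME(pe.major_id) END AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE (pr.name = N'ewreportuser' OR SUSER_SNAME(pr.sid) = N'ewreportuser')
  AND pe.state_desc IN (N'GRANT', N'GRANT_WITH_GRANT_OPTION')
  AND pe.permission_name NOT IN (N'CONNECT', N'SELECT');

-- 4. Role memberships can grant more than the explicit permissions show.
--    A read-only role such as db_datareader is consistent with SELECT-only;
--    db_owner, db_datawriter or db_ddladmin is not.
SELECT r.name AS database_role
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'ewreportuser' OR SUSER_SNAME(m.sid) = N'ewreportuser';
```

If the first query returns 1 for the service account once installation or an upgrade is complete, the SysAdmin membership can be removed, since the page states it is only needed for database creation and certain upgrades.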

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 

Last modified
01:18, 23 Jun 2016
