Unsolved
This post is more than 5 years old
105 Posts
0
2071
August 24th, 2017 15:00
How to protect SQL using service account with least privilege?
I need to enter in a service account when connecting to the SQL server in the AppSync > Copy Management > Microsoft SQL Server settings in AppSync 3.5.
Chapter 6 (Protect SQL Server) in the AppSymc 3.5 User and Administration guide is unclear about what SQL server permissions are needed by this service account. The guide only references how to get a domain account access to log onto the Windows servers, not what permissions are needed inside SQL (Page 108: Setting up permissions for a domain account that does not have local administrator privileges )
I’m assuming at a minimum the service account needs to be able to:
- - Run “backup database” commands
- - Restore and create databases
- - Manage Windows failover cluster resources
In our environment, simply being a member of the local administrators group does not give you access to SQL server. The DBAs must grant access to the SQL instances/databases.
If I use an account that has full administrator permissions on Windows and full SQL server permissions everything works fine. However, I need to use a dedicated service account with limited permissions.
How do I setup the permissions on SQL server to allow this dedicated service account to have least privileges?
Ben
schifa
82 Posts
0
August 25th, 2017 07:00
Ben,
I am sorry it is not clear, but the role to support SQL copy management is the sysadmin role. I attached the screen shot of where the permission is added.
sysadmin check box
Members of the sysadmin fixed server role can perform any activity in the Database Engine.