Minimum Database Permissions for Symantec Endpoint Encryption Administrators
search cancel

Minimum Database Permissions for Symantec Endpoint Encryption Administrators


Article ID: 152737


Updated On:


Endpoint Encryption Desktop Email Encryption Drive Encryption Encryption Management Server File Share Encryption Gateway Email Encryption PGP Encryption Suite PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK


This document explains what the minimum level of permissions are needed in order to allow the SEE administrators to successfully use the SEE Management Console.


The Domain User accounts must be given the proper rights to the SEE database in Microsoft SQL Server. 

In SQL Management Studio, on the left-pane:

  1. Security -> Right-click Logins -> New Login...
  2. Use the ‘Search...’ button to find the new Windows User; Set ‘Default database’ to the name of your SEE Database (referred to as SEEMSDb from this point); Set ‘Default Language’ to English.

  3. In the same ‘Login Properties’ box, on the left-pane click on ‘User Mapping’; check the box for SEEMSDb & select ‘db_datareader’ and ‘db_datawriter’ along with ‘Public’; Click OK to complete.

  4. On the left-pane, drill down into ‘Database’, find SEEMSDb and bring up properties

  5. Select ‘Permissions’ on the left-pane in the Database Properties dialog box.

  6. Select the Windows user on the right and Grant ‘Execute’ in addition to ‘Connect’; Click OK to complete.

The windows user should now be set to use the SEE Manager console from any machine.


Tip: In addition to the above permissions, the SQL Server service needs to have the proper permissions to be able to use with Symantec Endpoint Encryption.  Local Service will not be enough permissions for Symantec Endpoint Encryption. 

Additional Information