Access rights requirements of the "PUBLIC" Server Role in SQL database
search cancel

Access rights requirements of the "PUBLIC" Server Role in SQL database


Article ID: 176418


Updated On:


Endpoint Protection


  • After installing a new SEPM with a new SQL database, the rights "ALTER ANY LOGIN" are added to the "Public" SQL Server Role. 
  • What rights are required in the "Public" Server Role in my SQL environment 


SEPM 14.0 and above connected to a SQL database


The public server role requires the following securables under "servers":

View any database
Alter any login

These permissions will automatically be added after DB creation. 

The "Alter any Login" securable is required to allow a password reset of the "REPORTER_DBNAME" account during a SEPM reconfigure from a SQL Authentication set-up to a Windows Authentication set-up. 
It was necessary to add this access as SQL Server doesn't support to grant alter just one specified user to a role.

NOTE: This permission is only needed for the Management Server Configuration Wizard to properly update the REPORTER_DBNAME account password. Once the wizard has finished running the permission is no longer required. If this permission is removed it will need to be re-added prior to running the configuration wizard again. This includes performing an upgrade.