This KB article outlines the requirements for the user accounts used to logon to BSI services
CA Business Service Insight 8.x and 9.x
When you install BSI, you are prompted to provide a domain account as part of the installation.
This account is used to start some of the BSI services, for the required COM+ component and to grant rights to the MSMQs.
It is recommended that this account also be the account you log into the server to perform the install. While not required, if you are not also logged in with the account for the install then it is recommended you follow through the document about changing the user account and verify you have the account properly set.
What rights does the account require?
1. Domain rights
2. Local Administrator rights
Whether the account is a domain account as discussed above or a local account only, the account MUST be a member of the local Administrators group. It is assumed the Administrators group contains all the default rights that Microsoft gives this group when it is created. We do not support trying to reduce the rights on the Administrators group (or it would no longer be a local Administrator).
Some of the default rights it should have would include: