What SQL rights are needed for the Application Identity service account?


Article ID: 181352




Management Platform (Formerly known as Notification Server)


What SQL rights or database permissions are needed for the Application Identity service account?  


The following content applies to Notification Server or Symantec Management Platform versions 8.x and earlier.

Minimum SQL Security Requirements

The account that Notification Server uses to access the SQL database needs to be able to do the following:

  • Add, modify, and remove tables
  • Add, modify, and execute stored procedures
  • Add, modify, and remove views
  • Be the owner of the database

The Notification Server user account needs “dbcreator” permissions so that the Notification Server installation process can create the Notification Database. If the SQL administrator creates the Notification Database before Notification Server is installed, this permission is not necessary; in that case, just point the installation process to the existing Notification Database.

On the Notification Database itself, the user will need the following permissions:

  • Public - General access to the database.
  • db_ddladmin - Adds, modifies, or drops objects in the database.
  • db_datareader - Sees all data from all user tables in the database.
  • db_datawriter - Adds, changes, or deletes data from all user tables in the database.
  • db_owner - Owns the database.

To verify that the Application Identity is DBO on the database, run the following SQL command as the Application Identity:

    use Symantec_CMDB  -- or replace with the name of the Notification Server database
    select user

If that returns anything other than "dbo", then the user is not the DBO of the database.
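
A fuller version of this check, as an added example that is not part of the original article: run as the Application Identity, it reports the database user and owner, whether the login holds dbcreator or sysadmin, the effective permissions behind the minimum requirements above, and the explicit role memberships. It assumes the default database name Symantec_CMDB; sysadmin is included because members of that server role also connect to every database as dbo.

```sql
-- Added example: run while connected as the Application Identity.
USE Symantec_CMDB;  -- assumption: default name; replace with the Notification Server database
GO

SELECT
    SUSER_SNAME()                     AS login_name,
    USER_NAME()                       AS database_user,         -- the article expects 'dbo'
    (SELECT SUSER_SNAME(d.owner_sid)
       FROM sys.databases AS d
      WHERE d.database_id = DB_ID())  AS database_owner_login,
    -- Server level: dbcreator is only needed when the installer creates the database.
    IS_SRVROLEMEMBER('dbcreator')     AS has_dbcreator,
    -- sysadmin members map to dbo everywhere, so 'dbo' alone does not prove ownership.
    IS_SRVROLEMEMBER('sysadmin')      AS has_sysadmin,
    -- Effective database-level permissions (1 = held, 0 = not held).
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CREATE TABLE')     AS can_create_table,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CREATE PROCEDURE') AS can_create_procedure,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CREATE VIEW')      AS can_create_view,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'EXECUTE')          AS can_execute,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'SELECT')           AS can_select,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'INSERT')           AS can_insert,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'UPDATE')           AS can_update,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'DELETE')           AS can_delete,
    HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CONTROL')          AS has_control;

-- Explicit database role memberships of the current database user,
-- to compare against the roles listed in the article.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals  AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals  AS u ON u.principal_id = m.member_principal_id
WHERE u.name = USER_NAME()
ORDER BY r.name;
```

If database_user is "dbo" but database_owner_login is a different login and has_sysadmin is 1, the account is reaching dbo through sysadmin rather than through ownership of the database.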