Permissions Required for the App Control Service Account

Article ID: 290347

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Windows and SQL Server permissions required for the Carbon Black Service Account.

Environment

  • App Control Server: All Supported Versions
  • Microsoft Windows Server: All Supported Versions
  • Microsoft SQL Server: All Supported Versions

Resolution

SQL Server Permissions:

  1. The Service Account requires SYSADMIN during Server installation or upgrade.
  2. The Service Account requires DB_OWNER on the das database at all times.
  3. The Service Account needs the following server-level permissions for Health Checks & Diagnostic tasks:
    Permission            Required               Reason
    VIEW SERVER STATE     Yes                    Allows collection of App Control performance statistics.
    VIEW ANY DEFINITION   Yes                    Allows collection of App Control performance statistics.
    ALTER TRACE           Yes                    Allows collection of on-demand SQL trace for performance diagnostics.
    ALTER SERVER STATE    No (but Recommended)   Allows the Server to reset performance counters on a daily basis, and provides better performance diagnostics.

To assign the roles:

  1. Launch SQL Server Management Studio and connect to the SQL Server.
  2. Expand the Security folder > Logins.
  3. Right click the App Control Service Account > Properties > Server Roles
  4. Check sysadmin and click OK.


To assign the permissions:

  1. Verify the Service Account used for App Control Server (ex: Domain\Username).
  2. Launch SQL Server Management Studio and connect to the SQL Server.
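  3. Click New Query, paste the script below, and replace Domain\Username with the Service Account.
    -- Server-level permissions are granted from the master database.
    USE master;
    -- A Windows login contains a backslash, so it must be bracket-quoted.
    GRANT ALTER TRACE TO [Domain\Username];
    GRANT VIEW ANY DEFINITION TO [Domain\Username];
    GRANT VIEW SERVER STATE TO [Domain\Username];
    -- Optional but recommended (see the permissions table above).
    GRANT ALTER SERVER STATE TO [Domain\Username];
  4. Click Execute.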
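
The read-only T-SQL below is an added example, not part of the vendor article, for auditing what the Service Account currently holds against the requirements listed above. It assumes the article's placeholder login Domain\Username and the das database name given above; run it as a login that can view server security metadata.

```sql
-- Added example (not vendor code): audit the Service Account's SQL Server access.
-- Domain\Username is the article's placeholder; replace it with the real login.
DECLARE @login sysname = N'Domain\Username';

-- 1. Server-level permissions from the table above (explicit grants only).
--    While the login is a sysadmin member these are implied, so rows may show
--    MISSING until the GRANT script has been run.
SELECT req.permission_name,
       req.required,
       COALESCE(sp.state_desc, 'MISSING') AS grant_state
FROM (VALUES ('VIEW SERVER STATE',   'Yes'),
             ('VIEW ANY DEFINITION', 'Yes'),
             ('ALTER TRACE',         'Yes'),
             ('ALTER SERVER STATE',  'No (recommended)')
     ) AS req(permission_name, required)
LEFT JOIN sys.server_principals AS pr
       ON pr.name = @login
LEFT JOIN sys.server_permissions AS sp
       ON sp.grantee_principal_id = pr.principal_id
      AND sp.class_desc = 'SERVER'
      AND sp.permission_name = req.permission_name
      AND sp.state IN ('G', 'W');   -- GRANT or GRANT WITH GRANT OPTION

-- 2. sysadmin membership: the article requires it during installation or upgrade.
--    1 = member, 0 = not a member, NULL = login not valid or not visible to you.
SELECT IS_SRVROLEMEMBER('sysadmin', @login) AS is_sysadmin;

-- 3. db_owner on the das database: required at all times.
--    Matches on the login's own SID, so access that comes only through a
--    Windows group is not reported here. No row returned = not a db_owner member.
SELECT dp.name AS database_user,
       r.name  AS role_name
FROM das.sys.database_principals AS dp
JOIN das.sys.database_role_members AS rm
       ON rm.member_principal_id = dp.principal_id
JOIN das.sys.database_principals AS r
       ON r.principal_id = rm.role_principal_id
WHERE dp.sid = SUSER_SID(@login)
  AND r.name = N'db_owner';
```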

Windows Permissions:

  • Local Administrators group membership on the application server hosting the server software (web console).
  • Log on as a batch job
  • Log on as a service

Additional Information

  • The DB_OWNER permission on the das database is automatically assigned to the Service Account during database creation, and should never be removed.
  • There should be an active SA account in SQL or the install may fail with "a critical database script".
  • More details can be found in the SQL Server Configuration Guide on Tech Docs > Server Documentation > SQL Server Configuration Guide.