Chat now with support
Chat with Support

LiteSpeed for SQL Server 8.9.8 - Security and Compliance Guide

Privilege and Grant Requirements

LiteSpeed requires the following privileges and grants:

Account Requirement

User account that performs the LiteSpeed installation

Windows administrator rights and DBA privileges required to
  • Install stored procedures and extended stored procedures
  • Create databases, tables, and indexes
  • Insert, update, and delete to/from the MSDB, LiteSpeedLocal and LiteSpeedCentral databases
User account that runs the LiteSpeed UI Console

Power User privileges (or some equivalent).

NOTE: When executing a Double Click Restore, Windows Vista, Windows Server 2008, and higher require that the Windows user account is an administrator.

NT AUTHORITY\SYSTEM

NT AUTHORITY\SYSTEM account must be added to the sysadmin server role on the local instances of SQL Server 2012 and higher in this very rare scenario:

  • You selected to configure centralized reporting and
  • The Central repository is on the same server as the Local repository and
  • You selected Local System on the Service Account step and
  • You selected to use Windows authentication for the repositories.
NT AUTHORITY\SYSTEM

(The privilege is only required at the time of installation and can be removed after installation is complete.) This account must be added to the sysadmin server role on each instance of SQL Server 2012 or higher in the following cases:

  • If you plan to use Windows authentication during Instance Configuration.
  • If you plan to complete installation using the Instance Configuration wizard that is launched automatically during installation.

Workaround: Do one of the following:

SQL Server service account

Sysadmin server role privileges required to

  • Push stats to local repository
  • Back up or restore using extended stored procedures
  • Execute a scheduled job
  • Start a job manually

TIP: The SQL service account needs at least read\write access to the following directory and all its contents:
C:\ProgramData\Quest Software\LiteSpeed\SQL Server\

NOTE: SQL Server Configuration Manager should always be used when changing SQL Server service accounts.

SQL Agent service account (or a proxy account)

Windows or SQL Server accounts specified during instance configuration (Start | All Programs | Quest Software | LiteSpeed for SQL Server | Instance Configuration)

For more information, see Configure Server Instances.

If you select SQL Server authentication, the SQL Server account must have sysadmin server role privileges, while the Activity Manager service account must have the Log on as a service permission and at least the db_owner privileges.

If you select the Windows authentication method for both the local and central repository, then the Activity Manager service account specified on the Service Account page must have the sysadmin privileges and the Log on as a service permission.

NOTE: If the central repository is located on another server, the LiteSpeed Activity Manager service account must have domain rights for two-way communication between the local and central repositories.

Windows or SQL Server account (Application Button | Repository Registration...)

For more information, see About Collecting Statistics in Repositories.

Db_owner of the central repository (required to retrieve data from the central repository)

Windows or SQL Server account (Application Button | SQL Server Registration...)

Sysadmin server role privileges required to

  • Connect to SQL Server and retrieve SQL Server properties
  • Back up or restore
  • Execute procedures, retrieve MSDB history
  • Access repositories

TSM with LiteSpeed

If using TSM, its recommended that the following line be added to the dsm.opt file used by LiteSpeed.

errorlogname "C:\ProgramData\Quest Software\LiteSpeed\SQL Server\Logs\dsierror.log"

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating