Ivanti Support are often asked what the required account permissions are when running the Server Configuration Portal/Utility for setting up Personalization Server or Management Center. The permissions required are described below.
The account which is setting up the database must have the following server-level permissions. This is all that is required the first time the database is created:
During setup, the account will be given db_owner on the database. It will also be added to the ManagementServerAdministrator (for Management Server) or ProfileServerAdministrator (for Personalization Server) database role.
The account which will be used to run the service only needs the following permission:
Note: the service account does not need to exist within SQL Server before the database is set up for the first time. During setup, the account will be added and given the ManagementServerService (for Management Server) or ProfileServerService (for Personalization Server) database role.
- If the database already exists because it has been previously set up, and is being set up again or upgraded, then db_owner privileges are also required for the Config account
- If the database already exists because it has been previously set up, and is being set up again or upgraded, the Config account must also be a member of the ManagementServerAdministrator database role
- The Config account does not need to be a Domain Admin account
- The Config and Service accounts are not related to accessing the EM or Management consoles, only setting up the databases
- Once the database has been fully set up, the Config account can be disabled or deleted if necessary. However, it will need to be re-enabled or recreated with the above permissions the next time the database needs to be set up
- The Config account should be separate from the Service account or problems can occur
- If the Service account is disabled, deleted or locked out, Personalization Server or Management Center will fail to work as the database will not be accessible
- Any additional permissions provided other than those listed here can cause problems setting the database up
- If you are having problems setting the database up and all else fails, try temporarily giving the Config account the Sysadmin role
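
The following T-SQL is an added example, not part of the original article or an Ivanti-supplied script. It lists what the Config and Service accounts currently hold, so that a temporary Sysadmin grant or an extra role left behind after setup is easy to spot. The two login names are placeholders, and the query assumes it is run in the Management Server or Personalization Server database by a login that can view server and database principals.

```sql
-- Added example. Run in the context of the Management Server or
-- Personalization Server database.
-- Placeholder logins (assumptions): replace with your own accounts.
DECLARE @ConfigAccount  sysname = N'EXAMPLE\config-account';   -- placeholder
DECLARE @ServiceAccount sysname = N'EXAMPLE\service-account';  -- placeholder

-- 1. Server level: is each login enabled, and does it hold sysadmin?
--    A sysadmin grant given "temporarily" should show 0 here afterwards.
SELECT  sp.name                               AS login_name,
        sp.is_disabled,
        IS_SRVROLEMEMBER('sysadmin', sp.name) AS is_sysadmin
FROM    sys.server_principals AS sp
WHERE   sp.name IN (@ConfigAccount, @ServiceAccount);

-- 2. Database level: role membership in the current database, matched to
--    the login by SID so a differently named database user is still found.
--    Access inherited through a Windows group is not resolved here.
SELECT  sp.name AS login_name,
        r.name  AS database_role,
        CASE
            WHEN sp.name = @ServiceAccount
                 AND r.name IN (N'ManagementServerService',
                                N'ProfileServerService')
                THEN 'expected for Service account'
            WHEN sp.name = @ConfigAccount
                 AND r.name IN (N'db_owner',
                                N'ManagementServerAdministrator',
                                N'ProfileServerAdministrator')
                THEN 'expected for Config account'
            ELSE 'review: not a role the article names for this account'
        END     AS assessment
FROM    sys.database_role_members AS drm
JOIN    sys.database_principals   AS r
          ON r.principal_id = drm.role_principal_id
JOIN    sys.database_principals   AS m
          ON m.principal_id = drm.member_principal_id
JOIN    sys.server_principals     AS sp
          ON sp.sid = m.sid
WHERE   sp.name IN (@ConfigAccount, @ServiceAccount)
ORDER BY sp.name, r.name;
```

If the same login appears with both a Service role and an Administrator role, the Config and Service accounts have not been kept separate.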