- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2014 12:27 PM
I have been experimenting with Discovering SQL database catalogs. In order to allow Discovery to do this, I had to follow the steps outlined in this wiki article:
https://wiki.servicenow.com/index.php?title=Microsoft_SQL_Servers
I had an SQL administrator grant systemadmin access within SQL to the service account that runs our Discovery tool on a single machine, and I was able to Discover the database catalogs without issue. However, policy prevents us from granting this level of access broadly.
Could anyone tell me what the minimum level of access in SQL is necessary to be able to Discover database catalogs? The wiki article simply states (Ensure credentials have access to the following) "The Microsoft SQL Server instance on the target Windows host. You must add the user to the SQL Server configuration.", but does not mention what specific level of access is needed.
Any help would be greatly appreciated!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-28-2014 08:12 AM
I thought I'd follow-up to my own post here, as I've concluded testing. We were able to determine the minimum level of access required within SQL Server for the Discovery tool to create / update MFST SQL Catalog CIs.
If you wish to Discover SQL Database Catalogs, your SQL admins will need to assign the "Public" Server Role to the account (or accounts) that run the midserver service on the MID Servers in your environment.
Now what we know the minimum level of access required, we don't need to ask for the "master key", so to speak.
I hope this helps alleviate potential security concerns around Discovery of individual databases!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2014 01:00 PM
You'll probably want to work with your DB admin to determine what is appropriate. Discovery should only need read access to the information that you want discovered in the DB structure.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-28-2014 08:12 AM
I thought I'd follow-up to my own post here, as I've concluded testing. We were able to determine the minimum level of access required within SQL Server for the Discovery tool to create / update MFST SQL Catalog CIs.
If you wish to Discover SQL Database Catalogs, your SQL admins will need to assign the "Public" Server Role to the account (or accounts) that run the midserver service on the MID Servers in your environment.
Now what we know the minimum level of access required, we don't need to ask for the "master key", so to speak.
I hope this helps alleviate potential security concerns around Discovery of individual databases!
