Forum / Devolutions Password Server - Support

DBRunner permissions

  • Create an Issue
  • Cancel

Hi,
The online help for Devolutions Server you write that you should create a DBrunner account.

  • Create the DBRunner account in the domain.
  • Grant access to the SQL Server instance to DBRunner.
  • Grant access to the database to DBRunner.
What specific role membership should the account have in SQL. Is it enough with db_datareader and db_writer or what should it be?

Clock5 yrs

Hello,

We refrain from being too specific because the way you use the server has implications. Is it on the Internet or simply on your intranet? Must you conform to security guidelines or your priority is ease of management?

I have worked with customers that wanted the dbrunner to have the least level of privileges possible. Under those conditions, you do not manage user permissions through the main instance, but rather through a secondary instance connected to the same database, but that has strict firewall rules to only allow access from a specific subnet. Obviously that DBRunner account for the primary instance does not need INSERT/UPDATE permissions on our security tables.

A method that is simple and consistent across versions of RDM is to connect to the underlying database using a SQL Server Datasource and to create the DBRunner user and to grant him the RDM Administrator setting. This will grant enough permissions for the account to perform its tasks.

Depending on the version you are running, you may need to go in SQL Server Management studio and check the "WITH GRANT" option for most permissions, but we have changed that recently and cannot say for sure without checking at the code.

If you wish, I could work on a script to grant "typical" permissions.

Best regards,



Maurice Côté

signaturesignature

Clock5 yrs