Upgrade without being DBVaultOwner
1 vote
In our environment for security reasons, we do not allow service accounts to login interactively. So when I want to upgrade I have to put a ticket in for an exemption to the policy, get info sec approval, and then get the AD people to allow the account to login interactively, then I have to put in another ticket for them to fix it.
I don't see why upgrades need to be performed by the DBVaultOwner. You already have those creds cached since the service is running as that. It would be amazing if I could just install it as my normal Administrator account.
Thanks!
Matt
All Comments (3)
Hello,
Depending on the update it is needed that some modification on database side must be executed - if the user does not own the proper permissions the upgrade will fail. This is the reason why the DVLS_Owner needs permissions on the database - even after the initial installation.
Maybe the SQL service accounts in combination with a Devolutions Console password fits more your needs?
https://docs.devolutions.net/server/kb/knowledge-base/pre-deployment-account-survey/#windows-sql-accounts
https://docs.devolutions.net/server/kb/knowledge-base/dvls-security-hardening/#devolutions-server-console-password
In this case you can perform the upgrade with eg. a local Administrator, as the connection to the database are performed with the configured SQL users.
Regards,
Min
Thank you for your reply @Min Destens . However that documentation doesn't tell me how to do the upgrade without being dvs_owner. Are you saying any local admin on the dvls server should be able to perform the upgrade after that initial database connection has been established?
Hello,
If you’re using SQL accounts for the database connection, then yes, as the connection string is already configured in the Devolutions Console.
Regards,
Min