Create a Functional Account for a SQL Server Database
When you are adding SQL Server as a managed system, you must first create a security login in SQL Server to use for the functional account.
Permissions and Roles in SQL Server
The following roles and permissions are required for the functional account:
- Server roles – public
- ALTER ANY LOGIN
- CONNECT SQL
Apply Permissions to a Functional Account:
The following code samples show you how to apply the required permissions to the functional account.
GRANT CONNECT SQL TO [FunctionalAccountName];
GRANT ALTER ANY LOGIN TO [FunctionalAccountName];
Create the Account in SQL Server
- Connect to a database as the SQL Server sa on the asset you manage.
- Expand Security and expand Logins.
- Right-click Logins and select New login.
- Enter a Login name and select SQL Server Authorization.
- Enter and confirm a password.
- Configure the user as desired and click OK.
- To configure the user, right-click the user and select Properties.
- Select Server Roles and ensure the public roles is selected.
- Select Securables and click Search.
- Select the server instance and click OK.
- From the list of permissions, ensure the Alter any login and Connect SQL are selected for Grantor sa.
- Click OK.
SQL Server Instance Port Retrieval
To configure a SQL Server database for Password Safe, you must retrieve the port number on the managed database instance using a query. The below query is required for database instances only. You do not need to provide a port number for the default instance.
- Create an instance on SQL Server.
- Once the instance is running, open the database and then select New Query.
- Execute the following query as shown on separate lines:
GO xp_readerrorlog 0, 1, N'Server is listening on' GO
- Within BeyondInsight on the Assets page, find the asset where the SQL Server database is installed.
- Within the asset's menu actions, select Go to advance details.
- Select the Database tab.
- Click Add Database. Leave the default port or manually add the correct database port.
- Click Save Database.
- In the Database grid, select the newly created database from above.
- From the Database menu actions, select Add to Password Safe.
- Fill out the details required for the managed system.
- Create the Create Managed System button.
Add a PostgreSQL Database Instance
A PostgreSQL database instance must be added manually.
Before adding the instance to Password Safe management, you must create an account in PostgreSQL to use as the functional account in Password Safe.
Create Accounts in PostgreSQL
The following instructions are for guidance only. For details on how to create an account, refer to the PostgreSQL documentation.
To create the account with appropriate level permissions:
- Run pgadmin from the icon on the tray.
- Right-click Login/Group roles, and then click Create.
- Enter a name. This is the functional account.
- On the Privileges tab, ensure the following permissions are in place for the functional account: Login, Create role, and Inherit rights from parent roles.
- Right-click Login/Group roles, and then select Create.
- Enter a name. This is the managed account.
- On the Privileges tab, ensure the following permissions are in place for the managed account: Login, and Inherit rights from parent roles.
You must also know the database instance name and the port number. In pgadmin, click Object , select Properties, and then click the Connection tab.
Add the PostgreSQL Instance to Password Safe
- Scan the asset where the PostgreSQL instance resides.
- Go to the Assets page.
- Select the desired asset, click the More Option button, and then select Go to advanced details.
- Under General Data, select Databases.
- For the desired instance, click the More Options icon, and then select Add to Password Safe.
- Set the following:
- Instance Name: Enter the instance name.
- Platform: Select PostgreSQL.
- Version: Enter the PostgreSQL version number. This is optional.
- Port: The default port value is 5432.
- Click Create Managed System.