Install the Endpoint Privilege Management Reporting Database

Install the Endpoint Privilege Management Reporting Database before the Event Parser. As part of the install, set the database connection details, and the installer creates the Endpoint Privilege Management database if it doesn’t already exist.

The Endpoint Privilege Management Reporting Database installer creates a database and database permissions through embedded SQL scripts. If your database administration team does not allow creation of databases or database permissions by installers, contact BeyondTrust Technical Support for assistance with an alternative approach.

Pre-Installation Tasks

Accounts

Before starting with the installation of the Endpoint Privilege Management Reporting Database, we recommend the following accounts be created.

Accounts Required for Installation

Name Details

Account Type

Permissions / Rights

DatabaseCreator

Used by the Reporting Database  installer to create the Endpoint Privilege Management database.

Windows account or SQL Authentication account

SQL Server permission – sysadmin.

The database must be installed by a user whose default schema is DBO.

BeyondTrust Technical Support can assist with a manual setup in scenarios where sysadmin permissions are not permitted.

EventParser

Used by the Event Parser service to connect to the BeyondTrust database and write event data.

Windows account

SQL Server permission - database write access Windows group members - Event Log Readers.

Windows permission - Network access (for remote SQL Server instance).

ReportReader Used by the Reporting Pack reports to allow read access to the Endpoint Privilege Management database.

Windows account or SQL Authentication account

Requires Log On Locally rights on server hosting SSRS.

SELECT and EXECUTE permissions are assigned during the installation process.

DataAdmin

Used by the Reporting Pack reports to allow write access to the Endpoint Privilege Management database to purge undesired data.

This account and product feature is optional.

Windows account or SQL Authentication account

Requires Log On Locally rights on server hosting SSRS.

SELECT and EXECUTE permissions are assigned during the installation process.

If you are using a single server, as in Deployment Option 1, then you may want to run the Endpoint Privilege Management Event Parser services as the SYSTEM account. In this scenario, you can use the Database installer to configure database access for the SYSTEM account.

If Windows Authentication is selected for the SQL connection, then the account of the installing user MUST have Alter Any Login and Create Any Database permissions on the SQL Server instance for the Reporting Services instance User to be created. If you receive an error 15247, verify these permissions are granted.

For more information, see User-Schema Separation.

Install the Reporting Database

Ensure you complete the prerequisites section before proceeding with the database install.

Prerequisites

To install the Privilege Management Reporting database, the MS OLE DB v19 SQL Database Driver must be installed. The driver has a dependency on both the X86 and X64 versions of the Microsoft Visual C++ 2015-2022 Redistributable v14.34 (and later). Both components must also be installed.

The Privilege Management Reporting database EXE installer checks if the correct versions of the MS OLE DB driver and VC++ redistributable are already installed. If not, the components are automatically installed by the Privilege Management Policy Editor EXE installer.

If using the MSI to install the Privilege Management Reporting database, the prerequisites need to be manually installed if they don’t already exist on the machine where the installer is being run.

Visit the following websites to install these components separately.

The installation of the Microsoft Visual C++ Redistributables can require a reboot. Plan the installation accordingly.

  • If using the Privilege Management Reporting database EXE to install these components: If a reboot is required, there will be one request to reboot at the end of the installation.
  • If installing the X86 and X64 versions of the Microsoft Visual C++ Redistributables separately: If a reboot is required, there may be a separate reboot request at the end of each of the installations.

Install the Reporting Database

To install the Endpoint Privilege Management Reporting database, run the installation package with an account that has Database Creator privileges.

  1. Run the installation package and click Next to continue. The License Agreement dialog box is displayed.
  2. After reading the license agreement, select I accept the terms in the license agreement and click Next to continue. The Database server dialog box is displayed.

Endpoint Privilege Management Reporting installer wizard: database server settings

  1. Enter the name of the database catalog for Endpoint Privilege Management audit data. You can choose to use the current Windows user for the Database Creator user or enter credentials for a SQL account. Click Next to continue.

 

We recommend you leave caching enabled. For more information, see Manage the Endpoint Privilege Management Database Cache.

  1. The Configure Report Data Caching dialog box is displayed. Report data caching is on by default. Click Next.
  2. Select Privilege Management Reporting for BeyondInsight installation only if you are integrating with BeyondInsight. Database user accounts required for the integration are created with SQL Server authentication. Click Next. The Configure Event Parser Database User dialog box is displayed.

Endpoint Privilege Management Reporting installer wizard: event parser settings

  1. You must configure an Event Parser user to ensure the appropriate permissions are added for the database. You can choose to use the current Windows user for the Event Parser user or create a SQL Server account. Click Next to continue.

 

Endpoint Privilege Management Reporting installer wizard: report server settings

  1. The Configure Reporting Services Database User is displayed. You must configure a Report Reader user to ensure the appropriate permissions are added for the database. You can choose to use the current Windows user for the Report Reader user or create a SQL account. Click Next to continue.

 

Endpoint Privilege Management Reporting installer wizard: database admin user settings

  1. The Configure Data Admin Database User dialog box is displayed. You must configure a Data Admin user to ensure the appropriate permissions are added for the database. You can choose to use the current Windows user for the Data Admin user or create a SQL account. Click Next to continue.
  2. The Ready to Install the Program dialog box is displayed. Click Install, and then click Finish.