Install the Privilege Management Reporting Database

Install the Privilege Management Reporting Database before the Event Parser. As part of the install, you set the database connection details, and the installer creates the Privilege Management database if it doesn’t already exist.

The Privilege Management Reporting Database installer creates a database and database permissions through embedded SQL scripts. If your database administration team does not allow creation of databases or database permissions by installers, please contact BeyondTrust Technical Support for assistance with an alternative approach.

Pre-Installation Tasks

Accounts

Before starting with the installation of the Privilege Management Reporting Database, we recommend the following accounts be created.

Accounts Required for Installation

Name Details

Account Type

Permissions / Rights

DatabaseCreator

Used by the Reporting Database  installer to create the Privilege Management database.

Windows account or SQL Authentication account

SQL Server permission – sysadmin.

The database must be installed by a user whose default schema is DBO.

BeyondTrust Technical Support can assist with a manual setup in scenarios where sysadmin permissions are not permitted.

EventParser

Used by the Event Parser service to connect to the BeyondTrust database and write event data.

Windows account

SQL Server permission - database write access Windows group members - Event Log Readers.

Windows permission - Network access (for remote SQL Server instance).

ReportReader Used by the Reporting Pack reports to allow read access to the Privilege Management database.

Windows account or SQL Authentication account

Requires Log On Locally rights on server hosting SSRS.

SELECT and EXECUTE permissions are assigned during the installation process.

DataAdmin

Used by the Reporting Pack reports to allow write access to the Privilege Management database to purge undesired data.

This account and product feature is optional - please see section 4.2 Installation for more information.

Windows account or SQL Authentication account

Requires Log On Locally rights on server hosting SSRS.

SELECT and EXECUTE permissions are assigned during the installation process.

If you are using a single server, as in Deployment Option 1, then you may want to run the Privilege Management Event Parser services as the SYSTEM account. In this scenario, you can use the Database installer to configure database access for the SYSTEM account.

If Windows Authentication is selected for the SQL connection, then the account of the installing user MUST have Alter Any Login and Create Any Database permissions on the SQL Server instance for the Reporting Services instance User to be created. If you receive an error 15247, verify these permissions are granted.

For more information, please see User-Schema Separation.

Install the Reporting Database

To install Privilege Management Reporting Database, run the appropriate installation package with an account that has Database Creator privileges:

If you are running the installer on the database machine use:

PrivilegeManagementReportingDatabase.msi

If you are running the installer on a client machine use:

PrivilegeManagementReportingDatabase.exe
  1. Run the appropriate installation package and click Next to continue. The License Agreement dialog box is displayed.
  2. After reading the license agreement, select I accept the terms in the license agreement and click Next to continue. The Database server dialog box is displayed.

Privilege Management Reporting installer wizard: database server settings

  1. Enter the name of the database catalog for Privilege Management audit data. You can choose to use the current Windows user for the Database Creator user or enter credentials for a SQL account. Click Next to continue.

 

We recommend you leave caching enabled. For more information, please see Manage the Privilege Management Database Cache.

  1. The Configure Report Data Caching dialog box is displayed. Report data caching is on by default. Click Next.
  1. Select Privilege Management Reporting for BeyondInsight installation only if you are integrating with BeyondInsight. Database user accounts required for the integration are created with SQL Server authentication. Click Next. The Configure Event Parser Database User dialog box is displayed.

Privilege Management Reporting installer wizard: event parser settings

  1. You must configure an Event Parser user to ensure the appropriate permissions are added for the database. You can choose to use the current Windows user for the Event Parser user or create a SQL Server account. Click Next to continue.

 

Privilege Management Reporting installer wizard: report server settings

  1. The Configure Reporting Services Database User is displayed. You must configure a Report Reader user to ensure the appropriate permissions are added for the database. You can choose to use the current Windows user for the Report Reader user or create a SQL account. Click Next to continue.

 

Privilege Management Reporting installer wizard: database admin user settings

  1. The Configure Data Admin Database User dialog box is displayed. You must configure a Data Admin user to ensure the appropriate permissions are added for the database. You can choose to use the current Windows user for the Data Admin user or create a SQL account. Click Next to continue.
  1. The Ready to Install the Program dialog box is displayed. Click Install, and then click Finish.