Quantcast
Channel: THWACK: Unanswered Discussions - All Communities
Viewing all articles
Browse latest Browse all 19321

SolarWinds Service Account - Permissions to SQL Server Database

$
0
0

Below is a script to grant the SolarWinds service account permissions to SQL Server databases.  It is a more modern version of the script available at AppInsight for SQL Requirements and Permissions

 

Compared to the original script provided by SolarWinds, the new script:

  • Only adds logins and users if they don’t already exist.  This way, the script runs without errors if successful.  Any errors are legitimate issues to be corrected
  • Uses the more modern ‘CREATE USER’ vs. the old ‘sp_adduser’.  The latter uses the old SQL 6.5 construct where a schema was created for every user and has been removed as of SQL 2014

(I’ve sent a support request to SolarWinds to see if the permission ‘CONNECT ANY DATABASE’ starting with SQL Server 2012 is supported.  If so, for a SQL Server 2012 server, that permission would eliminate the need to create the SolarWinds account as a user in every database, and to continually circle back to servers to make sure that any new databases have the SolarWinds account granted connect permissions.)

 

Hope this Helps!

 

USE [master]

GO

--Create the Login

IF NOTEXISTS (SELECT * FROM sys.server_principals WHERE name = 'Domain\AppInsightUser')

CREATE LOGIN [Domain\AppInsightUser] FROM WINDOWS WITH DEFAULT_DATABASE=[master]

GO

GRANTVIEW SERVER STATETO"Domain\AppInsightUser"

GRANTVIEWANY DEFINITION TO"Domain\AppInsightUser"

--grant certain permission in master

IF NOTEXISTS (SELECT * FROM sys.sysusers WHERE name = 'Domain\AppInsightUser')

CREATEUSER [Domain\AppInsightUser] FOR LOGIN [Domain\AppInsightUser]

GRANTEXECUTEON xp_readerrorlog TO"Domain\AppInsightUser"

--grant certain permission in msdb

USE msdb

IF NOTEXISTS (SELECT * FROM sys.sysusers WHERE name = 'Domain\AppInsightUser')

CREATEUSER [Domain\AppInsightUser] FOR LOGIN [Domain\AppInsightUser]

EXEC sp_addrolemember N'db_datareader', N'Domain\AppInsightUser'

--for each db, if the database is not a system database and the account doesn't already exist

--does the account need access to tempdb and model?

EXECUTE sp_MSforeachdb 'USE [?];

IF EXISTS (SELECT * FROM sys.databases

WHERE (is_distributor = 1 OR name NOT IN (''master'', ''model'', ''tempdb'', ''msdb''))

AND name = ''?'') AND NOT EXISTS (SELECT * FROM sys.sysusers WHERE name = ''Domain\AppInsightUser'')

CREATE USER [Domain\AppInsightUser] FOR LOGIN [Domain\AppInsightUser]

'


Viewing all articles
Browse latest Browse all 19321

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>