Home » Support » Telligent Evolution Platform » Telligent Community » Discussions » Please clarify why db_securityadmin and db_ddladmin roles are needed

Please clarify why db_securityadmin and db_ddladmin roles are needed

Open Support Ticket

Call Support:
Direct: (214) 420-1337
Toll Free: (877) 522-6334

Monday through Friday
8 a.m. to 6 p.m. Central (GMT-6)

Join our Community
Details
  • 5 Replies
  • 3 Subscribers
  • Postedover 2 years ago
Options

Please clarify why db_securityadmin and db_ddladmin roles are needed

This question is answered
Adam Seabridge
Posted by
on Wed, Nov 24 2010 12:04 AM

Hi,

Could someone please clarify why the following permissions are required for Telligent Community 5.5/5.6 and Enterprise 2.5:

    - db_ddladmin
    - db_securityadmin

This post (and others) suggest that it is needed for the site to work 100% - e.g SP's that modify indexes and views:

http://telligent.com/support/communityserver/community_server_2008/f/295/p/1050841/1297941.aspx#1297941

It would be really helpful if someone could outline which features/items won't work correctly without these permissions enabled so that I can justify this to security concious clients.

Thanks for the help

Adam
Verified Answer
  • Alex Crome
    Posted by
    on Wed, Nov 24 2010 11:30 AM

    I've asked for confirmation on this, but I believe they are only required for some of the background tasks, so you should only need to grant these permissions to the Job Scheduler.  (Don't hold me to that yet though!)
  • Adam Seabridge
    Posted by
    on Wed, Nov 24 2010 11:45 AM

    Hi Alex,

    Thanks for that, I will await your confirmed response first then. It would be good to know which tasks require these permissions if this is the case also.

    I assume that if this is the case then this is different for 5.5 to 5.6 or Enterprise 2.5 > 2.6 as the job scheduler only came in in 5.6 and that in 5.5 the network service account runs the CS Tasks and so in this case it would need these permissions?

    Thanks

    Adam
  • David Neal
    Posted by
    on Wed, Nov 24 2010 2:37 PM
    Verified Answer
    Verified by

    The db_securityadmin role is not required.  However, the db_ddladmin role is required to execute cs_system_GenerateSectionTotals, cs_system_GenerateTagCounts, and cs_system_GenerateWeblogYearMonthDayList stored procedures.  These procedures are used by CalculateSectionTotalsJob, CalculateTagCountsJob and GenerateWeblogYearMonthDayListJob tasks, respectively.  

    It is possible you could disable these jobs in the tasks.config and set up one or more SQL Server Agent jobs to execute these procedures.
  • Adam Seabridge
    Posted by
    on Wed, Nov 24 2010 2:44 PM

    Hi Neal,

    Thanks for your swift response and clarification. I may advise that if this is an issue that we take the route of setting these up as Jobs.

    To avoid confusion, If db_securityadmin is not needed would it be possible to update the install guide in line with this:

    telligent.com/.../install-telligent-evolution.aspx

    Thanks

    Adam
  • David Neal
    Posted by
    on Wed, Nov 24 2010 2:51 PM

    Yes, the documentation will be updated. Thanks for the suggestion!
All Replies
  • Alex Crome
    Posted by
    on Wed, Nov 24 2010 11:30 AM

    I've asked for confirmation on this, but I believe they are only required for some of the background tasks, so you should only need to grant these permissions to the Job Scheduler.  (Don't hold me to that yet though!)
  • Adam Seabridge
    Posted by
    on Wed, Nov 24 2010 11:45 AM

    Hi Alex,

    Thanks for that, I will await your confirmed response first then. It would be good to know which tasks require these permissions if this is the case also.

    I assume that if this is the case then this is different for 5.5 to 5.6 or Enterprise 2.5 > 2.6 as the job scheduler only came in in 5.6 and that in 5.5 the network service account runs the CS Tasks and so in this case it would need these permissions?

    Thanks

    Adam
  • David Neal
    Posted by
    on Wed, Nov 24 2010 2:37 PM
    Verified Answer
    Verified by

    The db_securityadmin role is not required.  However, the db_ddladmin role is required to execute cs_system_GenerateSectionTotals, cs_system_GenerateTagCounts, and cs_system_GenerateWeblogYearMonthDayList stored procedures.  These procedures are used by CalculateSectionTotalsJob, CalculateTagCountsJob and GenerateWeblogYearMonthDayListJob tasks, respectively.  

    It is possible you could disable these jobs in the tasks.config and set up one or more SQL Server Agent jobs to execute these procedures.
  • Adam Seabridge
    Posted by
    on Wed, Nov 24 2010 2:44 PM

    Hi Neal,

    Thanks for your swift response and clarification. I may advise that if this is an issue that we take the route of setting these up as Jobs.

    To avoid confusion, If db_securityadmin is not needed would it be possible to update the install guide in line with this:

    telligent.com/.../install-telligent-evolution.aspx

    Thanks

    Adam
  • David Neal
    Posted by
    on Wed, Nov 24 2010 2:51 PM

    Yes, the documentation will be updated. Thanks for the suggestion!