Component by component permissions

The table below lists the permissions needed to create or add to an installation one component at a time.

To do this Required permissions and roles (scope)

Create an audit installation

 

Create an audit console

 

Create a SQL Server instance

 

Check a SQL Server service account

 

Add a service connection point

 

Add a publication location

Audit server administrator  or
Manage Publication Locations (Installation)

Add a UNIX agent to an audited machine

 

Add a Windows agent to an audited machine

 

Enable trusted audited machine list for an audit store

Audit server administrator  or
Manage Collectors (Installation)

Add an audited machine to the trusted list for an audit store

Audit server administrator  or
Manage Collectors (Installation)

Add a collector

[does not require any special permissions to install]

Enable trusted collector list for an audit store

Audit server administrator  or
Manage Collectors (Installation)

Add a collector to the trusted list for an audit store

Audit server administrator  or
Manage Collectors (Installation)

Add an audit store

Audit server administrator  or
Manage Audit Store List (Installation)

Add an audit store database

SQL: Database owner (dbo) or
a delegated member of the
db_owner role  or
Audit store administrator (Installation)  or
Audit server administrator (Installation)  or
Manage Databases (Installation)

Attach an audit store database
Change which DB is active
Attach DA version 1 database

Audit Store administrator (Installation)  or
Audit server administrator (Installation)  or
Manage Databases (Installation)

Change which DB is active

Audit Store administrator  or
Audit server administrator  or
Manage Databases

Add a subnet or AD site to the audit store

Audit Store administrator  or
Audit server administrator  or
Manage Sites (Audit store)

Add an audit server

Manage Audit Server List (Installation)

Add an audit role; change its definition, menbership or permissions

Creator of installation (Installation)  or
Audit server administrator (Installation)  or
Manage Audit Roles (Installation)