Component by component permissions
The table below lists the permissions needed to create or add to an installation one component at a time.
To do this | Required permissions and roles (scope) |
|
|
Create an audit console |
|
Create a SQL Server instance |
|
Check a SQL Server service account |
|
Add a service connection point |
|
Add a publication location |
Audit server administrator or |
Add a UNIX agent to an audited machine |
|
Add a Windows agent to an audited machine |
|
Enable trusted audited machine list for an audit store |
Audit server administrator or |
Add an audited machine to the trusted list for an audit store |
Audit server administrator or |
Add a collector |
[does not require any special permissions to install] |
Enable trusted collector list for an audit store |
Audit server administrator or |
Add a collector to the trusted list for an audit store |
Audit server administrator or |
Add an audit store |
Audit server administrator or |
Add an audit store database |
SQL: Database owner (dbo) or |
Attach an audit store database |
Audit Store administrator (Installation) or |
Change which DB is active |
Audit Store administrator or |
Audit Store administrator or |
|
Add an audit server |
Manage Audit Server List (Installation) |
Add an audit role; change its definition, menbership or permissions |
Creator of installation (Installation) or |