Accounts and Privileges Required

Certain accounts and privileges are required in order to install and activate IRC Services and the IRC Adapter.

  • Accounts and privileges for activation
  • Accounts and privileges for specific functions

Accounts and Privileges for Activation

IRC activation configures the system and prepares the SQL Server database to be used by the IRC database. During activation, the system asks for various user accounts that allow IRC to access the database, search for accounts in the directory, and run IRC Services. The accounts required must exist before they can be used during activation. An account may be reused as long as it has the required privileges.

Note: All passwords in IRC are stored in encrypted formats in the configuration files and in the database.

The following user accounts are required for activation. The privileges must be assigned directly to the user and not to a distribution list or a group:

Account: Authentication Account

  • Used to: Reference the Active Directory to create profiles and map procedure
  • Privileges required: Must be able to read schema, list users, get properties
  • Activation step: Authentication Server
  • Credentials stored? Yes - in Authentication Schemes table in core DB

Account: IRC Administrator (Active Directory and AAS)

  • Used to: Configure IRC and assign roles to get started.
  • Privileges required: No privileges required
  • Activation step: IRC Administrator
  • Credentials stored? No - the account name is associated with an IRC profile, but password information is not retained.

Account: IRC Services Account (Local Account)

  • Used to: Schedule and run jobs, service accounts for IRC Services
  • Privileges required: On local machine: Local Administrator
  • Activation step: IRC Service Account
  • Credentials stored? Yes - in the following file: [Install Path]\Settings\BizRightsServiceAccount.xml

Account: IRC Services Account (Domain Account)

  • Used to: Schedule and run jobs, service accounts for IRC Services
  • Privileges required: The account specified must have pre-assigned privileges as the Local Administrator. Requires following permissions on the IRC Services database. These can be configured after activation is complete:
      • bulkadmin
      • db_owner
  • Activation step: IRC Services Account
  • Credentials stored? Yes - in the following file: [Install Path]\Settings\BizRightsServiceAccount.xml

Account: Database Creation Account (Active Directory or SQL account)

  • Used to: Create IRC Services database, assign a database owner and grant bulk administrator privileges to the database access account.
  • Privileges required: System Administrator privileges to create Database on SQL Server.
      • Sysadmin server role
  • Activation step: Database Creator
  • Credentials stored? No

Account: Database Access Account (Active Directory or SQL account). This account cannot be a local account in case of Windows authentication in a distributed setup.

  • Used to:
      • Access IRC Services database, and grant bulkadmin privileges to database access account
      • Run a SQL job
  • Privileges required:
      • Requires following on the IRC Services database: Bulkadmin server role; db_owner database role membership
      • Requires following roles on the report server database: db_owner database role; RSExecRole
      • Requires following roles on MSDB database: SQLAgentUserRole; SQLAgentReaderRole
  • Activation step: Database Access
  • Credentials stored? Yes - in the file [Install Path]\Settings\DatabaseConfig.xml

Account: Microsoft SQL Server Reporting Services Publishing Account (same as IRC Service Account)

  • Used to: Publish IRC reports
  • Privileges required: Content manager privilege on Microsoft SQL Server Reporting Services.
  • Activation step: Microsoft SQL Server Reporting Services Details
  • Credentials stored? No

Account: Microsoft SQL Server Reporting Services Access Account

  • Used to: Used by Microsoft SQL Server Reporting Services to access IRC Services database
  • Privileges required: Must be able to access IRC Services database.
  • Activation step: Microsoft SQL Server Reporting Services Details
  • Credentials stored? Yes. In Database Setup configuration option of Microsoft SQL Report Server.
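
A read-only T-SQL check, added here as an example and not taken from the product's own documentation, that reports whether the Database Access Account holds each role listed for it through direct membership rather than through a group. The login name and the IRCServicesDb and ReportServerDb database names are placeholders to replace.

```sql
-- Added example. Placeholders (not from the page): the login name and the
-- [IRCServicesDb] / [ReportServerDb] database names.
DECLARE @login sysname = N'EXAMPLE\irc_dbaccess';
DECLARE @sid varbinary(85) = SUSER_SID(@login);

WITH required AS (   -- roles the page lists for the Database Access Account
    SELECT * FROM (VALUES
        (N'server',         N'bulkadmin'),
        (N'IRCServicesDb',  N'db_owner'),
        (N'ReportServerDb', N'db_owner'),
        (N'ReportServerDb', N'RSExecRole'),
        (N'msdb',           N'SQLAgentUserRole'),
        (N'msdb',           N'SQLAgentReaderRole')
    ) AS v(scope, role_name)
),
held AS (            -- direct memberships only; access inherited from a group is not matched
    SELECT N'server' AS scope, r.name COLLATE DATABASE_DEFAULT AS role_name
    FROM sys.server_role_members AS m
    JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
    JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
    WHERE p.sid = @sid
    UNION ALL
    SELECT N'IRCServicesDb', r.name COLLATE DATABASE_DEFAULT
    FROM [IRCServicesDb].sys.database_role_members AS m
    JOIN [IRCServicesDb].sys.database_principals AS r ON r.principal_id = m.role_principal_id
    JOIN [IRCServicesDb].sys.database_principals AS u ON u.principal_id = m.member_principal_id
    WHERE u.sid = @sid
    UNION ALL
    SELECT N'ReportServerDb', r.name COLLATE DATABASE_DEFAULT
    FROM [ReportServerDb].sys.database_role_members AS m
    JOIN [ReportServerDb].sys.database_principals AS r ON r.principal_id = m.role_principal_id
    JOIN [ReportServerDb].sys.database_principals AS u ON u.principal_id = m.member_principal_id
    WHERE u.sid = @sid
    UNION ALL
    SELECT N'msdb', r.name COLLATE DATABASE_DEFAULT
    FROM msdb.sys.database_role_members AS m
    JOIN msdb.sys.database_principals AS r ON r.principal_id = m.role_principal_id
    JOIN msdb.sys.database_principals AS u ON u.principal_id = m.member_principal_id
    WHERE u.sid = @sid
)
SELECT q.scope, q.role_name,
       CASE WHEN h.role_name IS NULL THEN 'MISSING' ELSE 'OK' END AS direct_membership
FROM required AS q
LEFT JOIN held AS h ON h.scope = q.scope AND h.role_name = q.role_name
ORDER BY q.scope, q.role_name;
```

Run it as a login that can view all principals in these databases, because the catalog views only return rows the caller has permission to see.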

Accounts and Privileges Required for Specific Functions

Account: POP 3 or WebDav email accounts with valid credentials

  • Used to: Required for post-install configurations if actionable email notifications are to be used

Account: Archive DB User

  • Used to: Used by Microsoft SQL Server for Creating Archive Database
  • Privileges required: Must be able to access database server. Must have following permission on the database:
      • Bulk Admin
      • DB Creator

Account: Database access account

  • Used to: Collect database logs when the IRC or the CM application is installed with minimum privilege users
  • Privileges required: These roles must be assigned:
      • MSDB database: 'db_owner'
      • Tempdb database: 'db_owner'