Accounts and Privileges Required
Certain accounts and privileges are required in order to install and activate IRC Services and the IRC Adapter.
- Accounts and privileges for activation
- Accounts and privileges for specific functions
Accounts and Privileges for Activation
IRC activation configures the system and prepares the SQL Server database to be used by the IRC database. During activation, the system asks for various user accounts that allow IRC to access the database, search for accounts in the directory, and run IRC Services. The accounts required must exist before they can be used during activation. An account may be reused as long as it has the required privileges.
The following user accounts are required for activation. The privileges listed must be assigned directly to the user, not to a distribution list or a group:
Account | Used To | Privileges Required | Activation Step | Credentials Stored? |
---|---|---|---|---|
Authentication Account | Reference the Active Directory to create profiles and map procedure | Must be able to read schema, list users, get properties | Authentication Server | Yes - in Authentication Schemes table in core DB |
IRC Administrator (Active Directory and AAS) | Configure IRC and assign roles to get started. | No privileges required | IRC Administrator | No - the account name is associated with an IRC profile, but password information is not retained. |
IRC Services Account (Local Account) | Schedule and run jobs, service accounts for IRC Services | On local machine: Local Administrator | IRC Service Account | Yes - in the following file: [Install Path]\Settings\BizRightsServiceAccount.xml |
IRC Services Account (Domain Account) | Schedule and run jobs, service accounts for IRC Services | The account specified must have pre-assigned privileges as the Local Administrator. Requires the following permissions on the IRC Services database (these can be configured after activation is complete): bulkadmin, db_owner | IRC Services Account | Yes - in the following file: [Install Path]\Settings\BizRightsServiceAccount.xml |
Database Creation Account (Active Directory or SQL account) | Create IRC Services database, assign a database owner and grant bulk administrator privileges to the database access account. | System Administrator privileges to create database on SQL Server. Sysadmin server role. | Database Creator | No |
Database Access Account (Active Directory or SQL account). This account cannot be a local account in case of Windows authentication in a distributed setup. | Access IRC Services database, and grant bulkadmin privileges to database access account. Run a SQL job. | Requires following on the IRC Services database. Requires following roles on the report server database: Requires following roles on MSDB database: | Database Access | Yes - in the file [Install Path]\Settings\DatabaseConfig.xml |
Microsoft SQL Server Reporting Services Publishing Account (same as IRC Service Account) | Publish IRC reports | Content manager privilege on Microsoft SQL Server Reporting Services. | Microsoft SQL Server Reporting Services Details | No |
Microsoft SQL Server Reporting Services Access Account | Used by Microsoft SQL Server Reporting Services to access IRC Services database | Must be able to access IRC Services database. | Microsoft SQL Server Reporting Services Details | Yes. In Database Setup configuration option of Microsoft SQL Report Server. |
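The bulkadmin and db_owner permissions that the table allows to be configured after activation can be granted and then audited with T-SQL along the following lines. This is an added example, not part of the product documentation: the login `CONTOSO\svc-irc` and the database name `IRCServices` are placeholders, and the `ALTER ... ROLE ... ADD MEMBER` syntax assumes SQL Server 2012 or later.

```sql
-- Added example. Placeholders (assumptions, not from the product documentation):
--   [CONTOSO\svc-irc]  domain account used as the IRC Services Account
--   [IRCServices]      name given to the IRC Services database at activation
USE [master];
GO
-- Create the login for the individual account itself, not for a group it
-- belongs to, so the privilege is assigned directly to the user.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\svc-irc')
    CREATE LOGIN [CONTOSO\svc-irc] FROM WINDOWS;
GO
-- bulkadmin is a fixed server role.
ALTER SERVER ROLE [bulkadmin] ADD MEMBER [CONTOSO\svc-irc];
GO
USE [IRCServices];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'CONTOSO\svc-irc')
    CREATE USER [CONTOSO\svc-irc] FOR LOGIN [CONTOSO\svc-irc];
GO
-- db_owner is a fixed database role.
ALTER ROLE [db_owner] ADD MEMBER [CONTOSO\svc-irc];
GO

-- Audit 1: members of the server roles named in the table.
-- member_type = WINDOWS_GROUP means the role is held through a group,
-- which does not satisfy the direct-assignment requirement.
SELECT r.name AS server_role, m.name AS member, m.type_desc AS member_type
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'bulkadmin')
ORDER BY r.name, m.name;

-- Audit 2: members of db_owner in the IRC Services database.
SELECT r.name AS database_role, m.name AS member, m.type_desc AS member_type
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner'
ORDER BY m.name;
```

The sysadmin rows in the first audit are also the place to confirm which accounts currently hold the role required of the Database Creation Account.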
Accounts and Privileges Required for Specific Functions
ACCOUNT | USED TO | PRIVILEGES REQUIRED |
---|---|---|
POP 3 or WebDav email accounts with valid credentials | Required for post-install configurations if actionable email notifications are to be used | |
Archive DB User | Used by Microsoft SQL Server for creating Archive Database | Must be able to access database server. Must have the following permissions on the database: Bulk Admin, DB Creator |
Database access account | Collect database logs when the IRC or the CM application is installed with minimum privilege users | These roles must be assigned: |