What are the Minimum Permissions for AgilePoint Server?

AgilePoint recommends the following security settings for the AgilePoint Service Account on the AgilePoint Server machine. These are the only permissions supported by AgilePoint out of the box:

System Permissions Notes

AgilePoint Server Machines

  • Local administrator
  • ServiceLogon
  • Member of the following groups:
    • Administrator
    • Performance Monitor Users
    • IIS_IUSRS
    • adHocAdmin
  • Service Principle Name (SPN)
  • This user account will also be used to initially sign in to AgilePoint NX.
  • If you are installing AgilePoint Server on a Domain Controller, this cannot be a local administrator account.
  • The adHocAdmin group is required for Report Center. You may need to create this group in your environment.

    In most cases, Report Center is installed on the AgilePoint Server machine.

    Note: The Report Center component (sometimes referred to as AgileReports) can only be used by customers who purchased this component before April 1, 2020. This version is no longer available for purchase, including by current and previous purchasers of AgilePoint NX or the Report Center component. In AgilePoint NX v8.0 and higher, Report Center has been replaced with the Analytics Center component.
  • SetSPN is required for Kerberos only. For more information, refer to Set Service Principle Name (SetSPN).

If you are not able to provide these full permissions due to your company's IT policies, the following guidance applies:

System Permissions Notes

AgilePoint Server Component

  • Full control of AgilePoint installation folder.
  • Full control of the Windows tmp folder.
  • Full control of the system event log for the AgilePoint log entry.
  • Read and write access for the folder c:\Application files\Common\Ascentn
  • Read and write access to the Windows Registry.
  • Read and write access to the performance counter for % CPU utilization.
  • Permission to open all applicable ports as a listener.

    For more information, refer to Reserve Port Numbers for AgilePoint NX Components.

  • Outgoing access to your SMTP port.
  • Outgoing access to your Active Directory port.

Additional components, for example AgileConnectors

  • Depends upon the component.

Permissions required vary widely, depending upon the component. For specific information, contact AgilePoint Professional Services.