Database Administrator (person, and Agilepoint Server privileges)

This user is the primary custodian of AgilePoint database installation and maintenance tasks. For large enterprise-level setup and heavily used systems, it is critical to have the database server node highly capable and tuned for optimal performance. This user would be involved during installation, upgrades, managing a database on a daily basis, monitoring database alerts, and so on.

This role is typically fulfilled by someone from the customer's IT team who manages other database servers in your environment. Once the installation is complete, the DBA is required part-time. Maintenance tasks do not require a full-time administrator.

Permissions for Database Administrators

Database administrators (DBAs) do not need any specific permissions for the AgilePoint NX software. However, there are several reasons DBAs need to be involved in AgilePoint NX implementations:

Database Access for the AgilePoint Service Account

This table shows the default permissions for the AgilePoint Service Account on the database server. A human user must also have the same permissions to create and manage databases. If the security policies for your organization do not allow a human user access to the AgilePoint Service Account, a separate account must be granted these permissions.

SystemPermissionsNotes

Database

  • db_owner privileges

During installation, AgilePoint requires db_owner privileges in SQL Server to create the tables required on the database. For security purposes, after finishing the AgilePoint Server configuration, you can remove the AgilePoint Server service account from the db_owner role in order to disallow the Create table privilege. Instead you can add this user to the db_datareader and db_datawriter role memberships. Please note that when updating the database schema in the future (e.g. for an upgrade), you will need to add this account back to the db_owner role in order for the database schema to be updated

It is recommended to configure permissions for the SQL database account for AgilePoint, which grants INSERT, UPDATE, DELETE and SELECT, … by schema (namespace), ONLY on AgilePoint tables at the database level, instead of using the generic dbo schema to restrict access.