Database Administrator (person, and Agilepoint Server privileges)
This user is the primary custodian of AgilePoint database installation and maintenance tasks. For large enterprise-level setup and heavily used systems, it is critical to have the database server node highly capable and tuned for optimal performance. This user would be involved during installation, upgrades, managing a database on a daily basis, monitoring database alerts, and so on.
This role is typically fulfilled by someone from the customer's IT team who manages other database servers in your environment. Once the installation is complete, the DBA is required part-time. Maintenance tasks do not require a full-time administrator.
Permissions for Database Administrators
Database administrators (DBAs) do not need any specific permissions for the AgilePoint NX software. However, there are several reasons DBAs need to be involved in AgilePoint NX implementations:
- Installation and Upgrade -
- A DBA must make sure that there is adequate space for the AgilePoint databases.
For more information, refer to:
- A DBA must make sure the AgilePoint Service Account can access the AgilePoint NX databases.
For more information, refer to, Set Up the AgilePoint Service Account.
- A DBA may be required to create new databases during installation and upgrade.
For more information, refer to:
- Installation Guide
- Upgrade Guide
- The Software Updates document for your AgilePoint NX version
- A DBA must make sure that there is adequate space for the AgilePoint databases.
- Backup and Recovery -
- A user with DBA access must be involved in backup and recovery of AgilePoint
NX data.
For more information, refer to:
- Disaster Recovery
- The Software Updates document for your AgilePoint NX version
- Data backup and recovery is required during AgilePoint NX upgrades.
For more information, refer to:
- Upgrade Guide
- Disaster Recovery
- The Software Updates document for your AgilePoint NX version
- A user with DBA access must be involved in backup and recovery of AgilePoint
NX data.
Database Access for the AgilePoint Service Account
This table shows the default permissions for the AgilePoint Service Account on the database server. A human user must also have the same permissions to create and manage databases. If the security policies for your organization do not allow a human user access to the AgilePoint Service Account, a separate account must be granted these permissions.
System | Permissions | Notes |
---|---|---|
Database |
|
During installation, AgilePoint requires db_owner privileges in SQL Server to create the tables required on the database. For security purposes, after finishing the AgilePoint Server configuration, you can remove the AgilePoint Server service account from the db_owner role in order to disallow the Create table privilege. Instead you can add this user to the db_datareader and db_datawriter role memberships. Please note that when updating the database schema in the future (e.g. for an upgrade), you will need to add this account back to the db_owner role in order for the database schema to be updated It is recommended to configure permissions for the SQL database account for AgilePoint, which grants INSERT, UPDATE, DELETE and SELECT, … by schema (namespace), ONLY on AgilePoint tables at the database level, instead of using the generic dbo schema to restrict access. |