Credentials for monitoring a server
Markus
Posts: 26 Bronze 2
I have a question.
When setting up a new server to be monitored what exact rights are required for a Domain account to monitor:
A server, and to monitor a SQL Server within SQL Server.
Right now I have admin rights and 'sa' rights assigned to the userids but our Internal audit is asking if any specific rights can be assigned that are lower than the current high elevation rights. I cannot seem to find anything in the documentation that speaks to this.
When setting up a new server to be monitored what exact rights are required for a Domain account to monitor:
A server, and to monitor a SQL Server within SQL Server.
Right now I have admin rights and 'sa' rights assigned to the userids but our Internal audit is asking if any specific rights can be assigned that are lower than the current high elevation rights. I cannot seem to find anything in the documentation that speaks to this.
Comments
Please see the requirements documentation here under Monitoring host Windows machines and Monitoring SQL Server instances. These are the permissions we indicate are required. I believe several customers have found the specific permissions needed for each data collection method (i.e. the permissions needed so these tests pass) for monitoring the host machine instead of requiring administrator privileges but we don't have a list of these or how to implement them.
I hope this helps!
Kind regards,
Alex
Have you visited our Help Center?
Question that I would like to know.
I have followed the links to the documentation and some companies we monitor will not allow the account that we are using (created for redgate monitoring purposes) to be added to the sysadmin role.
https://documentation.red-gate.com/disp ... ermissions
I wanted to know anyone has used a script before to create this?
Thanks
Marty
I'm not sure I understand what you are referring to by 'to create this'? Are you referring to creating the user without sysadmin privileges or a script to enable the deadlock trace flag manually so it doesn't need sysadmin privileges? The former you would just not add it to the sysadmin role. For the latter you would use (the -1 makes it global). This will only last until SQL Server is restarted so you may need to look into startup parameters to have it enabled each time SQL Server starts. To disable it it's just .
If I've misunderstood please let me know!
Kind regards,
Alex
Have you visited our Help Center?