SQL Monitor 6

Permissions

These are the minimum permissions required to run SQL Monitor and monitor your servers. To test the permissions, see Testing data collection methods

If you want to access SQL Monitor through a firewall, check the firewall requirements.

Web service account

  • The account should have Log on as service rights.  For information on how to assign these permissions, see Add the Log on as a service right to an account.
  • The account should have Full Control over the folder C:\Documents and Settings\All Users\Application Data\Red Gate\SQL Monitor. For Vista and Windows 7: C:\ProgramData\Red Gate\SQL Monitor.
  • The account should have Full Control over the folder C:\Documents and Settings\All Users\Application Data\Red Gate\Logs\SQL Monitor or equivalent location.
The SQL Monitor Web Service is not installed if you use IIS as your Web Server.

Monitoring service account

  • The account should have Log on as service rights. For information on how to assign these permissions, see Add the Log on as a service right to an account.
  • The account should have Full Control over the folder C:\Documents and Settings\All Users\Application Data\Red Gate\Logs\SQL Monitor. For Vista and Windows 7 : C:\ProgramData\Red Gate\Logs\SQL Monitor.
  • The login should be a member of the db_owner database role on the Data Repository database (called RedGateMonitor by default).

Monitoring host Windows machines

  • The account should be an administrator on the remote Windows host machine. 
  • The account should have login rights locally on the machine where the base monitor is installed, so that SQL Monitor can authenticate the account.

Monitoring SQL Server instances

The account used to monitor your SQL Server instance should have the following permissions:

For SQL Server 2005, SQL Server 2008 and SQL Server 2012

  • member of the db_datareader role on the msdb system database.
  • member of SQLAgentReader role on the msdb system database.
  • member of the db_ddladmin database role on all databases (needed to run sys.dm_db_index_physical_stats() required by the Fragmented index alert).
  • VIEW ANY DEFINITION server permission.
  • ALTER TRACE server permission (if you want to enable trace data).
  • VIEW SERVER STATE and VIEW DATABASE STATE database permissions on all databases.
  • sysadmin role required for Integrity check overdue alerts and to allow SQL Monitor to turn on the deadlock trace flag (this flag is required for Deadlock alerts to be raised; you can turn on the flag manually if you don't want to enable sysadmin permissions).
  • member of the db_datareader and db_datawriter role on the tempdb database.

For SQL Server 2000

If you want SQL Monitor to be able to collect trace data (trace data can optionally be displayed as part of some alerts), then the account must be a member of the sysadmin server role.

If you do not want SQL Monitor to collect trace data, then the account should have the following permissions:

  • member of the db_datareader database role on the msdb system database.
  • member of the db_datareader database role on the master database.
  • member of the db_ddladmin database role on all databases (needed to run sys.dm_db_index_physical_stats() required by the Fragmented index alert).

    The sysadmin fixed role is a superset of these permissions, and can also be used, but is not explicitly required except for trace collecting.

Do you have any feedback on this documentation?

Let us know at sqlmonitorfeedback@red-gate.com


Didn't find what you were looking for?