NetIQ AppManager Administrative Rights with regard to SQL Server

  • Document ID:7023893
  • Creation Date:22-May-2019
  • Modified Date:22-May-2019
    • Micro Focus Products:
      AppManager

Environment

NetIQ AppManager prior to 9.1 2016Q4 HF
NetIQ AppManager post 9.1 2016Q HF

Situation

What administrative rights do SQL accounts need to have for AppManager to function properly

Resolution

There are two behavior of administrative rights in AppManager with regard to SQL Server. They are administrative rights prior to 9.1 2016Q4 HF and administrative rights post 9.1 2016Q4 HF.

 

Behavior Prior to 9.1 2016Q4 Hotfix:

AppManager provides a SQL login with ‘sysadmin’ server role in SQL Server for AM users assigned to AM user group "AppManager Administrator." 

 

 

Rights Post 9.1 2019Q4 Hotfix:

AppManager limits the server role on SQL login with ‘securityadmin’ and ‘setupadmin’ server role in SQL Server for AM users assigned to AM user group "AppManager Administrator." 

 

 

See the table below to know more about the serverrole

 

serverrole

Usage of the serverrole in AppManager

Securityadmin

Adding a repository to AppManager

Setupadmin

Adding a user to AppManager database.

Registering a repository to a user in AppManager database.

Changing permissions on a user in AppManager database.

 

 

Note:

For old users created prior to 9.1 2016Q4 hotfix, AppManager admin user still may have the sysadmin role. Those AppManager Admin users can be manually updated from sysadmin to "securityadmin" and "setupadmin."

 

Installation of AppManager still needs a user with sysadmin rights.

 

If during installation, the AppManager Administrator user is granted sysadmin serverrole, this role can be revoked and granted only "securityadmin" and "setupadmin" post installation.