Environment
NetIQ AppManager 6.x
NetIQ AppManager 7.0.x
Microsoft SQL Enterprise 2005
Microsoft SQL Enterprise 2008
Situation
Resolution
Warning: Users may break the NetIQ SQL Stored Procedures and Jobs when removing the 'sa' role from the BUILTIN\Administrators. It is highly advised that the BUILTIN\Administrators account in SQL NOT have the SA role removed from it in SQL.
If you are using any user account that is in the BUILTIN\Administrators account in SQL to login into the AppManager operator console, those users will run into problems where they may not be able to login in to the AppManager Operator Console or run Knowledge Scripts, if the SA Role is removed from the BUILTIN\Administrators account in SQL.
This can be avoided if the user already has a unique login account in SQL, and that account has a unique Role set in AppManager Security Manager equivalent to the Role given to the BUILTIN\Administrators. If the user is not allowed to have, for example, a db_owner role for another account (NT or SQL), they should at least be given the following SQL Roles:
On the QDB database:
- public role (by default)
- db_ddladmin: Allow KS to execute most of the extended store procedure.
- db_backupoperator: Allow KS to use DBCC command
Additional Information