An account with Read Only privileges in Security Manager can perform Administrative actions (NETIQKB41113)

Document ID:7741113
Creation Date:02-Feb-2007
Modified Date:20-Aug-2010
- Micro Focus Products:
  AppManager

Environment

NetIQ AppManager 6.0.x
NetIQ AppManager 7.0.x
Microsoft Windows 200x
Microsoft SQL Server 200x

Situation

An account with Read Only privileges in Security Manager can perform Administrative actions

Resolution

When directly accessing the Repository server and switching between logon accounts, the second logon account that you are working with will require local logon rights to the machine as well (to log on). However, having both Local Logon and Local Admin rights on the Repository server grants administrative access to Microsoft SQL Server.

To avoid this issue:

Change permissions on the account so it does not have Logon Locally rights to the Repository Server, which hosts the QDB.
Test the affected account by accessing the Operator Console on a separate server or workstation without physically logging onto the Repository server.

Cause

If you have Microsoft SQL administrative rights, those privileges bypass AppManager Security and give you full rights to perform any operations.

Additional Information

Formerly known as NETIQKB41113